CVE-2015-4632 Scanner
CVE-2015-4632 scanner - Directory Traversal vulnerability in Koha
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: URL
Toolbox: -
Koha is an open-source Integrated Library System (ILS) that is used by libraries all over the world to manage their collections, patrons, and circulation. It was first developed in New Zealand in 1999 and has since become a popular choice for libraries of all sizes. Koha supports a range of library functions including cataloging, circulation, acquisitions, and serials management.
CVE-2015-4632 is a directory traversal vulnerability in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.8, and 3.20.x before 3.20.1. A remote attacker can read arbitrary files by placing a "..%2f" sequence (dot dot followed by a percent-encoded slash) in the template_path parameter of the svc/virtualshelves/search or svc/members/search endpoints. The parameter is decoded and used to locate a template file, so each "..%2f" steps one directory above the template root; with enough of them the attacker escapes the intended directory and can read any file the web server process can read. The encoding matters: a filter that looks for a literal "../" in the raw parameter never sees the sequence, because the slash only appears after decoding.
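The following Python is an added illustration of the mechanism described above; it is not Koha's code, not the scanner's code, and not the actual fix. The template root, the template file name and the parameter values are constructed for the example. It contrasts three ways of handling a template_path-style parameter: a blocklist applied to the raw (still encoded) value, which "..%2f" slips past; a naive decode-and-join, which walks out of the template root; and a containment check on the final normalized path, which rejects both traversal and absolute paths.

```python
import posixpath
from urllib.parse import unquote

# Assumed template root for illustration only; not Koha's real layout.
TEMPLATE_ROOT = "/var/www/koha/templates"


def raw_blocklist_allows(template_path: str) -> bool:
    """Weak check: look for a literal '../' in the raw, still-encoded parameter.

    This is the kind of filter that '..%2f' bypasses. The dangerous sequence only
    exists after percent-decoding, so a check on the raw string never sees it.
    """
    return "../" not in template_path


def resolve_naive(template_path: str) -> str:
    """Vulnerable pattern: percent-decode the parameter and join it under the root.

    Every '..' in the decoded value walks one directory up. Enough of them reach
    the filesystem root, after which any readable file can be named.
    """
    decoded = unquote(template_path)
    return posixpath.normpath(posixpath.join(TEMPLATE_ROOT, decoded))


def resolve_checked(template_path: str) -> tuple:
    """Hardened pattern: decode, normalize, then require the result to stay under the root.

    Returns (allowed, resolved_path). Containment is decided on the final
    normalized path rather than on the input text, so encoded traversal,
    plain traversal and absolute paths (posixpath.join discards the root when
    the second component is absolute) are all rejected the same way.
    """
    decoded = unquote(template_path)
    resolved = posixpath.normpath(posixpath.join(TEMPLATE_ROOT, decoded))
    inside = resolved == TEMPLATE_ROOT or resolved.startswith(TEMPLATE_ROOT + "/")
    return inside, resolved


if __name__ == "__main__":
    # Constructed sample parameters: one benign template, one encoded traversal.
    benign = "prog%2fen%2fmodules%2fcirc.tt"
    traversal = "..%2f" * 4 + "etc%2fpasswd"
    for param in (benign, traversal):
        print(f"param={param!r}")
        print(f"  raw blocklist allows : {raw_blocklist_allows(param)}")
        print(f"  naive resolve        : {resolve_naive(param)}")
        print(f"  checked resolve      : {resolve_checked(param)}")
```

Running the script shows the raw blocklist accepting the encoded traversal, the naive resolver turning it into /etc/passwd, and the checked resolver flagging the same value as outside the root. A scanner for this class of bug sends the encoded form for exactly that reason: it is the variant that a text-level filter on the raw parameter does not catch.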
If exploited, the CVE-2015-4632 vulnerability can lead to a range of serious consequences for affected libraries. Attackers could potentially gain access to sensitive information such as patron data, library financial information, and other confidential documents. Additionally, the compromise of a library's ILS system could lead to disruption in library operations, including the inability to check out materials or access electronic resources.
By using the s4e.io platform's pro features, libraries can quickly learn about vulnerabilities in their digital assets and keep track of them across multiple systems without manual processes or constant monitoring. The platform also provides detailed remediation information, so libraries can secure their systems before they are exploited.
REFERENCES
- https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
- https://koha-community.org/koha-3-14-16-released/
- https://koha-community.org/security-release-koha-3-16-12/
- https://koha-community.org/security-release-koha-3-18-8/
- https://koha-community.org/security-release-koha-3-20-1/
- https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html
- https://seclists.org/fulldisclosure/2015/Jun/80
- https://www.exploit-db.com/exploits/37388/
- https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/