Vulnerability Description
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Koha | Liblime Koha | <= 4.2 |
| Koha | Koha | 3.06.00.000 |
Related Weaknesses (CWE)
References
- http://koha-community.org/koha-3-4-7/#more-2971
- http://koha-community.org/koha-3-6-1/#more-2929
- http://osvdb.org/77322
- http://secunia.com/advisories/46980 (Vendor Advisory)
- http://www.exploit-db.com/exploits/18153 (Exploit)
- http://www.securityfocus.com/bid/50812 (Exploit)
- http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%2Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71478
- https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9d
FAQ
What is CVE-2011-4715?
CVE-2011-4715 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (...
How severe is CVE-2011-4715?
CVE-2011-4715 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4715?
Check the references section above for vendor advisories and patch information. Affected products include: Koha Liblime Koha, Koha Koha.