Vulnerability Description
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Koha | Koha | < 3.08.23 |
Related Weaknesses (CWE)
References
- http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666 (Exploit, Issue Tracking, Vendor Advisory)
- http://koha-community.org/security-release-february-2014/ (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2014/02/07/10 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/02/10/3 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2014-1924?
CVE-2014-1924 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authenticati...
How severe is CVE-2014-1924?
CVE-2014-1924 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-1924?
Check the references section above for vendor advisories and patch information. Affected products include: Koha Koha.