Directory Traversal Vulnerabilities in Koha Versions 3.14.x to 3.20.x

CVE-2015-4632 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
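To check whether the two endpoints received such requests before patching, the following added example (not Koha code and not part of the original advisory) scans web access log lines for a template_path value that still contains a ".." path segment after percent-decoding, including double-encoded forms. The /cgi-bin/koha/ prefix, the combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints named in the advisory; the URL prefix in front of them is site-specific.
AFFECTED = ("/svc/virtualshelves/search", "/svc/members/search")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so layered encodings (%252f) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the fully decoded value is '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(lines):
    """Return (line_number, template_path) for requests matching the advisory."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(AFFECTED):
            continue
        # parse_qs decodes one layer; is_traversal() strips any further layers.
        for value in parse_qs(url.query).get("template_path", []):
            if is_traversal(value):
                hits.append((n, value))
    return hits

# Constructed sample lines (documentation IP range, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2015:10:00:00 +0000] "GET /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2015:10:00:05 +0000] "GET /cgi-bin/koha/svc/members/search?template_path=..%2f..%2fEXAMPLE HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jul/2015:10:00:09 +0000] "GET /cgi-bin/koha/svc/virtualshelves/search?template_path=..%252f..%252fEXAMPLE HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jul/2015:10:00:12 +0000] "GET /cgi-bin/koha/opac-main.pl HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: template_path={value!r}")
```

Access logs normally record only the query string, so a template_path sent in a POST body would not appear in them and needs request-body logging to be seen.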
