CVE-2024-24337

CVE-2024-24337 · Severity

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.

Learn more about our Web Application Penetration Testing UK.