← back
CVE-2014-1924

CVE-2014-1924

EPSS 2.0%
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666http://koha-community.org/security-release-february-2014/http://www.openwall.com/lists/oss-security/2014/02/07/10http://www.openwall.com/lists/oss-security/2014/02/10/3