CVE-2011-4715

Published Dec 8, 2011

Last updated 7 years ago

Overview

Description: Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:koha:liblime_koha:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A157B981-C57E-4758-8C99-D072AA00CDC6",
            "versionEndIncluding": "4.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:koha:koha:3.06.00.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1FF9625-8924-4AFF-BDDD-44ECDD21B652"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19846DCB-7BAA-4C48-B879-4ED2133FE055"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7890D6D-0BBD-4C78-BE9D-6C6E74CD0B43"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52BF1075-0D4F-4615-B8DE-785ACB8146E0"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD0160D1-0198-477B-A565-9CA5E627F0BA"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B161E81A-158C-4BEF-B1C8-DD8C94D8E48E"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D972C41-F258-441A-AE2B-BD82322FA9B8"
          },
          {
            "criteria": "cpe:2.3:a:koha:koha:3.04.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18A1B156-CC67-49EA-9311-9F3CBA205C1C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References