- Description
- Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.7
- Impact score
- 5.8
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
- Severity
- HIGH
- cve@mitre.org
- CWE-78
- Hype score
- Not currently trending
🚨 CVE-2025-30076 🔴 HIGH (7.7) 🏢 Koha - Koha 🏗️ 0 🔗 https://t.co/wtUvlWatfD 🔗 https://t.co/JHIcRM74bk #CyberCron #VulnAlert #InfoSec https://t.co/F5Y8gYG8RT
@cybercronai
16 Mar 2025
265 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
New post from https://t.co/uXvPWJyEiR (CVE-2025-30076 | Koha up to 22.11.23/23.11.11/24.05.06/24.11.01 tools/scheduler.pl report os command injection) has been published on https://t.co/pVjYrmiX4a
@WolfgangSesin
16 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes