Thursday, June 25, 2015

[FD] SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS

===============================================================================================
SBA Research Vulnerability Disclosure
===============================================================================================

title:            Koha Unauthenticated SQL injection
product:          Koha ILS
affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12
fixed version:    3.20.1, 3.17.8, 3.16.12
CVE numbers:      CVE-2015-4633, CVE-2015-4632, CVE-2015-4631
impact:           critical
website:          http://ift.tt/1Jm1WM2
found by:         Raschin Tavakoli / SBA Research Combinatorial Security Testing Group
contact:          cst@sba-research.org

References:       http://ift.tt/1FDcmzb
                  http://ift.tt/1Jm1WM3
                  http://ift.tt/1FDcmzd
                  http://ift.tt/1Jm1VI0
                  http://ift.tt/1FDcmPL
                  http://ift.tt/1Jm1VI2
                  http://ift.tt/1FDcmPN
                  http://ift.tt/1Jm1WM9
                  http://ift.tt/1FDcn61

===============================================================================================

=========================
1. Multiple SQL Injections
=========================

+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +
+ a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633)   +
+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +

Vulnerability:
