===============================================================================================
SBA Research Vulnerability Disclosure
===============================================================================================

title: Koha Unauthenticated SQL injection
product: Koha ILS
affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12
fixed version: 3.20.1, 3.17.8, 3.16.12
CVE numbers: CVE-2015-4633, CVE-2015-4632, CVE-2015-4631
impact: critical
website: http://ift.tt/1Jm1WM2
found by: Raschin Tavakoli / SBA Research Combinatorial Security Testing Group
contact: cst@sba-research.org

References:

http://ift.tt/1FDcmzb
http://ift.tt/1Jm1WM3
http://ift.tt/1FDcmzd
http://ift.tt/1Jm1VI0
http://ift.tt/1FDcmPL
http://ift.tt/1Jm1VI2
http://ift.tt/1FDcmPN
http://ift.tt/1Jm1WM9
http://ift.tt/1FDcn61

===============================================================================================

==========================
1. Multiple SQL Injections
==========================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ a) Unauthenticated SQL Injection in OPAC interface (CVE-2015-4633) +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Vulnerability:
Source: Gmail -> IFTTT-> Blogger