CVE-2015-4632
HIGH | NUCLEI
Koha 3.14.00-3.14.15 - Path Traversal via Template Path Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-4632. PoCs published by Raschin Tavakoli, Bernhard Garn, Peter Aufner & Dimitris Simos. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Koha Open Source ILS, allowing remote attackers to read arbitrary files by manipulating the 'template_path' parameter in specific endpoints.
Description
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
Exploits (1)
Nuclei Templates (1)
cpe:"cpe:2.3:a:koha:koha"
References (9)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N