CVE-2015-4633

CRITICAL

Koha 3.14.00-3.14.15 - SQL Injection via OPAC Tags Subject Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4633. PoCs published by Raschin Tavakoli_ Bernhard Garn_ Peter Aufner & Dimitris Simos.

AI-analyzed exploit summary This is a detailed writeup describing an unauthenticated SQL injection vulnerability in Koha's OPAC module, specifically in the 'number' parameter of the /cgi-bin/koha/opac-tags_subject.pl script. It includes a proof-of-concept using sqlmap to extract database information, such as superlibrarian credentials.

Description

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.

Exploits (1)

exploitdb WRITEUP

by Raschin Tavakoli_ Bernhard Garn_ Peter Aufner & Dimitris Simos · textwebappsphp

https://www.exploit-db.com/exploits/37387

View Code ZIP pw:eip

This is a detailed writeup describing an unauthenticated SQL injection vulnerability in Koha's OPAC module, specifically in the 'number' parameter of the /cgi-bin/koha/opac-tags_subject.pl script. It includes a proof-of-concept using sqlmap to extract database information, such as superlibrarian credentials.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Koha (3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12)

No auth needed

Prerequisites: Access to the vulnerable Koha instance · sqlmap or similar SQL injection tool

MITRE ATT&CK