CVE-2023-44962

MEDIUM

Koha-community Koha Library Software - Unrestricted File Upload

Title source: rule

Description

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.

Exploits (2)

nomisec WORKING POC

by LadyDarwe · poc

https://github.com/LadyDarwe/Links.a

View Code ZIP pw:eip

inthewild

poc

https://github.com/ggb0n/cve-2023-44962

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://github.com/ggb0n/CVE-2023-44962

Scores

CVSS v3 5.3

EPSS 0.0319

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-434

Status published

Products (1)

koha-community/koha_library_software < 23.05.04

Published Oct 11, 2023

Tracked Since Feb 18, 2026