CVE-2025-22954
CRITICALKoha < 24.11.02 - SQL Injection via lateissues-export.pl supplierid or serialid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-22954. PoCs published by RandomRobbieBF.
AI-analyzed exploit summary This repository contains a proof of concept for CVE-2025-22954, a critical SQL injection vulnerability in Koha before version 24.11.02. The vulnerability exists in the `GetLateOrMissingIssues` function in `C4/Serials.pm` and can be exploited via the `supplierid` or `serialid` parameters.
Description
GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.
Exploits (1)
This repository contains a proof of concept for CVE-2025-22954, a critical SQL injection vulnerability in Koha before version 24.11.02. The vulnerability exists in the `GetLateOrMissingIssues` function in `C4/Serials.pm` and can be exploited via the `supplierid` or `serialid` parameters.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H