Web application abuses : Koha < 4.5 Build 4500 LFI Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902593

Categoría: Web application abuses

Título: Koha < 4.5 Build 4500 LFI Vulnerability - Active Check

Resumen: Koha is prone to local file inclusion (LFI) vulnerability.

Descripción: Summary:
Koha is prone to local file inclusion (LFI) vulnerability.

Vulnerability Insight:
The flaw is due to the cgi-bin/opac/opac-main.pl script not
properly sanitizing user input supplied to the cgi-bin/koha/mainpage.pl script via the
'KohaOpacLanguage' cookie. This can be exploited to include arbitrary files from local resources
via directory traversal attacks and URL-encoded NULL bytes.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain
potentially sensitive information and execute arbitrary local scripts in the context of the web
server process.

Affected Software/OS:
Koha version 4.02.06 and prior.

Solution:
Update to version 4.5 Build 4500 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4715
BugTraq ID: 50812
http://www.securityfocus.com/bid/50812
http://www.exploit-db.com/exploits/18153
http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153
http://osvdb.org/77322
http://secunia.com/advisories/46980
XForce ISS Database: liblimekoha-opacmain-file-include(71478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71478

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902593
Categoría:	Web application abuses
Título:	Koha < 4.5 Build 4500 LFI Vulnerability - Active Check
Resumen:	Koha is prone to local file inclusion (LFI) vulnerability.
Descripción:	Summary: Koha is prone to local file inclusion (LFI) vulnerability. Vulnerability Insight: The flaw is due to the cgi-bin/opac/opac-main.pl script not properly sanitizing user input supplied to the cgi-bin/koha/mainpage.pl script via the 'KohaOpacLanguage' cookie. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain potentially sensitive information and execute arbitrary local scripts in the context of the web server process. Affected Software/OS: Koha version 4.02.06 and prior. Solution: Update to version 4.5 Build 4500 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4715 BugTraq ID: 50812 http://www.securityfocus.com/bid/50812 http://www.exploit-db.com/exploits/18153 http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 http://osvdb.org/77322 http://secunia.com/advisories/46980 XForce ISS Database: liblimekoha-opacmain-file-include(71478) https://exchange.xforce.ibmcloud.com/vulnerabilities/71478
Copyright	Copyright (C) 2011 Greenbone AG