Summary
The host is running LibLime Koha and is prone to local file inclusion vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process.
Impact Level: Application
Solution
Upgrade to version 4.5 Build 4500 or higher,
For updates refer to http://www.koha.org
Insight
The flaw is due to the cgi-bin/opac/opac-main.pl script not properly sanitizing user input supplied to the cgi-bin/koha/mainpage.pl script via the 'KohaOpacLanguage' cookie. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
Affected
LibLime Koha versions 4.02.06 and prior.
References
Severity
Classification
-
CVE CVE-2011-4715 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- aeNovo Database Content Disclosure Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability