Description

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.

PUBLISHED | Reserved 2024-05-19 | Published 2026-04-07 | Updated 2026-04-09 | Assigner: mitre

References

gitlab.com/...x/misc/release_notes/release_notes_23_05_10.md

gitlab.com/...x/misc/release_notes/release_notes_23_05_11.md

koha-community.org/koha-22-05-22-released/

github.com/hacklantic/Research/tree/main/CVE-2024-36058

cve.org (CVE-2024-36058)

nvd.nist.gov (CVE-2024-36058)
