What is CVE-2015-4632?

CVE-2015-4632 is a vulnerability in N/a. Published 2018-10-18.

Is CVE-2015-4632 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2015-4632

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the te…

EPSS: 0.771 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Inj… (x_refsource_MISC)
www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-criti… (x_refsource_MISC)
bugs.koha-community.org/bugzilla3/show_bug.cgi (x_refsource_CONFIRM)
koha-community.org/security-release-koha-3-16-12/ (x_refsource_CONFIRM)
20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS (mailing-list, x_refsource_FULLDISC)
koha-community.org/security-release-koha-3-18-8/ (x_refsource_CONFIRM)
koha-community.org/security-release-koha-3-20-1/ (x_refsource_CONFIRM)
37388 (exploit, x_refsource_EXPLOIT-DB)
koha-community.org/koha-3-14-16-released/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-4632?: CVE-2015-4632 is a vulnerability in N/a. Published 2018-10-18.
Is CVE-2015-4632 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.