Vulnerability in N/a

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via sh…

EPSS: 0.001 (34.0th percentile)

Affected products

  • N/a — versions n/a

References