Koha: >> Koha >> 23.05.04 Security Vulnerabilities
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
CVSS Score
8.0
EPSS Score
0.017
Published
2024-02-12