First published: Mon Feb 12 2024(Updated: )
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
Credit: cve@mitre.org
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.