Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by an attacker and is directly included in a system command, i.e., an attack can occur via malicious filenames after uploading a .zip file and clicking Process Images.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Koha Library Management System Security Vulnerability
Vulnerability Description
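Koha Library Management System is an open-source library automation management system from Koha. Versions of Koha Library Management System before 23.05.10 contain a security vulnerability that stems from failing to sanitize user-controllable filenames before unzipping, which may lead to remote code execution.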
CVSS Information
N/A
Vulnerability Type
N/A
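The command-injection pattern named in the description, next to a hardened form, as an added example that is not Koha's code or its actual patch. The helper names `is_safe_zip_name` and `safe_unzip` and the sample filenames are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(basename);

# Pattern quoted in the description: qx// builds one string and hands it to
# the shell, so metacharacters inside $filename are interpreted as shell syntax.
#   qx/unzip $filename -d $dirname\/;/

# Hypothetical helper: allow-list the file's base name. The first character
# must be alphanumeric, so the name can never be read as an unzip option.
sub is_safe_zip_name {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\.zip\z/ ? 1 : 0;
}

# Hypothetical helper: list-form system() executes unzip directly, with each
# element passed as a single argv entry and no shell involved. The allow-list
# above is defence in depth on top of that.
# Assumption: the directory part of $zip_path is chosen by the server.
sub safe_unzip {
    my ($zip_path, $dest_dir) = @_;
    die "rejected filename\n" unless is_safe_zip_name(basename($zip_path));
    my $rc = system('unzip', '-q', $zip_path, '-d', $dest_dir);
    return $rc == 0;
}

# Constructed sample names: only the first one passes the allow-list.
for my $name ('covers.zip', 'a;b.zip', '$(x).zip', '-o.zip', 'notes.txt') {
    printf "%-12s %s\n", $name, is_safe_zip_name($name) ? 'accept' : 'reject';
}
```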