Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wednesday, 17 October 2018

koha up to 3.14.15/3.16.11/3.18.9/3.20.0 members/ addshelf cross site request forgery

A vulnerability classified as problematic has been found in koha up to 3.14.15/3.16.11/3.18.9/3.20.0. Affected by this issue is an unknown function of the file members/. The manipulation of the argument addshelf as part of a parameter leads to a cross site request forgery vulnerability. The corresponding CWE classification is CWE-352. Impacted is integrity. An attacker might be able to force legitimate users to initiate unwanted actions within the web application.

The weakness was published 10/18/2018 as EDB-ID 37389 as uncorroborated exploit (Exploit-DB). The advisory is available at This vulnerability is handled as CVE-2015-4630 since 06/16/2015. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a public exploit are known.

An exploit was disclosed immediately. The exploit is available at

Upgrading to version 3.14.16, 3.16.12, 3.18.10 or 3.20.1 eliminates this vulnerability.

Similar entries are available at 125751.



VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.9

VulDB Base Score: 5.3
VulDB Temp Score: 4.9


Class: Cross site request forgery (CWE-352)
Local: No
Remote: Yes

Availability: Yes
Access: Public


Recommended: Upgrade
Status: Official fix

Upgrade: koha 3.14.16/3.16.12/3.18.10/3.20.1


06/16/2015 CVE assigned
10/18/2018 Advisory disclosed
10/18/2018 Exploit disclosed
10/18/2018 EDB entry disclosed
10/19/2018 VulDB entry created
10/19/2018 VulDB last update


Advisory: EDB-ID 37389
Status: Uncorroborated

CVE: CVE-2015-4630


Created: 10/19/2018

Author: VulDB