CVE-2024-24337
HIGH 8.0
Description
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into CSV exports via the 'Budget' and 'Patrons Member' components.
CVE details
CVSS v3.1 score: 8.0
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 2/12/2024
Last modified: 9/29/2025
Source: nvd
Honeypot sightings: 0
Affected products
koha:koha
Weaknesses (CWE)
CWE-1236
References
https://nitipoom-jar.github.io/CVE-2024-24337/ (cve@mitre.org)
https://nitipoom-jar.github.io/CVE-2024-24337/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.