Intrusion Prevention



This indicates an attack attempt against a Directory Traversal vulnerability in Koha.
The vulnerability is caused by an error when the vulnerable software handles a http request with malicious KohaOpacLanguage cookie. A remote attacker can exploit this to gain unauthorized access to sensitive information.

Affected Products

Koha 3.4 before 3.4.7 and 3.6 before 3.6.1


Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround.

CVE References