Koha Community Koha vulnerabilities
2 known vulnerabilities affecting koha_community/koha.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2015-4633 | P2 | CRITICAL | CWE-89 | CVSS 9.8 | PoC | fixed in 22.11.38 | ≥ 23.05.00, ≤ 23.11.15 | +4 more | 2018-10-18
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filt
nvd
CVE-2026-31844 | P3 | HIGH | CWE-89 | CVSS 8.8 | ≥ 24.11.0, < 24.11.12 | ≥ 25.05.0, < 25.05.07 | +1 more | 2026-03-11
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing e
nvd