CVE-2015-4632

Published: 2018-10-18T21:29Z

Last Modified: 2024-11-21T02:31Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt