CVE-2024-24337
- Source
- https://cve.org/CVERecord?id=CVE-2024-24337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-24337
- Published
- 2024-02-12T22:15:08.430Z
- Modified
- 2026-04-10T05:09:48.247124Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
- References
Affected packages
Git / github.com/koha-community/koha
Affected versions
Other
R_1-2-2RC4
R_1-3-0
R_1-3-1
R_1-3-2
R_1-3-3
R_1-9-0
R_1-9-1
R_1-9-2
R_1-9-3
R_2-0-0RC1
R_2-0-0pre1
R_2-0-0pre2
R_2-0-0pre3
R_2-0-0pre4
R_2-0-0pre5
R_2-1
R_2-4
v16.*
v16.05.00
v16.05.00-beta
v16.11.00
v17.*
v17.05.00
v17.11.00
v18.*
v18.05.00
v18.05.00-rc1
v18.11.00
v19.*
v19.05.00
v19.11.00
v20.*
v20.05.00
v20.11.00
v21.*
v21.05.00
v21.11.00
v22.*
v22.05.00
v22.11.00
v23.*
v23.05.00
v23.05.01
v23.05.02
v23.05.03
v23.05.04
v23.05.05
v3.*
v3.00.00
v3.00.00-alpha
v3.00.00-beta
v3.00.00-beta2
v3.00.00-stableRC1
v3.02.00-alpha
v3.02.00-alpha2
v3.02.00-beta
v3.04.00
v3.08.00
v3.12.00-alpha
v3.12.00-alpha2
v3.12.00-beta1
v3.14.00-alpha1
v3.14.00-alpha2
v3.14.00-beta
v3.16.00
v3.16.00-beta
v3.16.00-rc
v3.18.00
v3.18.00-beta
v3.20.00
v3.20.00-beta
v3.22.00
v3.22.00-beta