CVE-2024-36058

216.73.217.22

· Published 07/04/2026 17:16 · Modified 08/04/2026 21:27

Labels: CVE-2024-36058 2026-04-07 CVE-2024-36058 [email protected]

Essential information

Published: 07/04/2026 17:16
Modified: 08/04/2026 21:27
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
koha / koha	`cpe:2.3:a:koha:koha:<23.05.10::::::`

CVE-2024-36058

Essential information

Description

NVD status

Affected products (CPE)

References