Unknown · Filebrowser · CVE-2021-46398
**Name of the Vulnerable Software and Affected Versions**
Filebrowser versions prior to 2.18.0
**Description**
A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser that allows attackers to create a backdoor user with admin privileges and gain access to the filesystem via a malicious HTML webpage sent to the victim. This can lead to Remote Code Execution (RCE), as an admin can run commands through FileBrowser.
**Recommendations**
If you are running a version prior to 2.18.0, update to version 2.18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to FileBrowser to minimize the risk of exploitation.