PT-2023-10270 · Bywater Solutions · Bywater-Koha-Xslt

Published: 2023-03-06 · Updated: 2024-05-17 · CVE-2015-10091

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ByWater Solutions bywater-koha-xslt (affected versions not specified)

Description: A critical vulnerability has been found in ByWater Solutions bywater-koha-xslt, affecting the StringSearch function of the file admin/systempreferences.pl. The manipulation of the name argument leads to SQL injection. The attack can be initiated remotely. The product uses continuous delivery with rolling releases, and therefore, no version details of affected or updated releases are available.

Recommendations: Apply a patch to fix this issue, specifically the patch identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. As a temporary workaround, consider restricting access to the StringSearch function in the admin/systempreferences.pl file until the patch is applied.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2015-10091

Affected Products: Bywater-Koha-Xslt