CVE-2023-44961

Name of the Vulnerable Software and Affected Versions Koha Library Software versions 23.0.5.04 and before

Description The issue allows a remote attacker to obtain sensitive information via the "intranet/cgi-bin/cataloging/ysearch.pl" component. This is a SQL Injection vulnerability.

Recommendations For versions 23.0.5.04 and before, update to a version later than 23.0.5.04 to resolve the issue. As a temporary workaround, consider restricting access to the "intranet/cgi-bin/cataloging/ysearch.pl" component until a patch is available.