2024-02-12 00:00:00
mitre
PUBLISHED
CSV Injection vulnerability in /members/moremember.pl and /admin/aqbudgets.pl endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the Budget and Patrons Member components.