CVE-2022-0495 An unauthenticated SQL Injection vulnerability in KOHA developed by Parantez Teknoloji before version 19.05.03.

In the koha_admin/plugins/edit_form.php, the blog_post_post_types array has a NULL value as shown in the below code.

?php if (isset($blog_post_post_types)) { $blog_post_post_types = $blog_post_post_types; } ?>

It’s recommended to update this library immediately.

Timeline

Published on: 09/21/2022 09:15:00 UTC
Last modified on: 09/23/2022 17:54:00 UTC

References

• https://www.usom.gov.tr/bildirim/tr-22-0635
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0495