[Bug 42361] [CVE-2026-6428] SQL Injection in reports/catalogue_out.pl via Filter parameter (error-based, triggered when Criteria matches /branchcode/)
15 Jun
2026
15 Jun
'26
3:14 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42361 --- Comment #29 from David Cook <dcook@prosentient.com.au> --- (In reply to Sanjarbiy from comment #27)
CVE-2026-6428 has been assigned and published for this issue via TuranSecurity (a CVE Numbering Authority). Public record: https://www.cve.org/CVERecord?id=CVE-2026-6428 . Thanks to David and Jonathan for the fix and review.
I also meant to say good job on the CVE entry. I'm glad to see that it has a reference back here and covers the affected versions. -- You are receiving this mail because: You are watching all bug changes.
30
Age (days ago)
30
Last active (days ago)
0 comments
1 participants
participants (1)
-
bugzilla-daemon@bugs.koha-community.org