
SSRF in Koha version ≤ 25.11 (CVE-2026-26379)

Description and Impact

Type   Affected Version   ?-day
SSRF   ≤ 25.11 (latest)   0-day

Steps to Reproduce

First, from the Dashboard interface, go to Koha Administration → Z39.50/SRU servers and select + New Z39.50 server.

Assume the internal network is hosting an application on port 8888:

nc -nvlp 8888

Fill in the information as follows, then save.

Go to http://192.168.116.130:8080/cgi-bin/koha/cataloguing/z3950_search.pl and fill in the information as shown in the image:

Cross-Site Scripting via File Upload in Koha (CVE-2026-26378)

Description and Impact

Type                  Version Affected   ?-day
XSS via File Upload   ≤ 25.11 (latest)   0-day

Steps to Reproduce

First, create an arbitrary vendor (if one already exists, skip this step). Vendor ABC was successfully created.

Access Receive Shipments to create a new Invoice. An Invoice with invoiceid=3 was successfully created.

Then, access the URL cgi-bin/koha/acqui/invoice-files.pl?invoiceid=3 and upload an SVG file containing the XSS payload as follows:

Stored XSS in Koha version ≤25.11 (CVE-2026-26377)

Description and Impact

Type         Version Affected   Required Authentication   ?-day
Stored XSS   ≤ 25.11            Yes                       0-day

This vulnerability poses a critical risk because the malicious payload is saved on the server and is served to every user who views the affected page, without requiring social engineering. Successful exploitation allows an attacker to exfiltrate sensitive data, impersonate high-privileged users (Administrator account takeover), and compromise the confidentiality and integrity of the application.

Steps to Reproduce (Testing on Koha version 25.

Blind SQL Injection at RuoYi framework ≤ v4.7.9

1. Description and Impact

The Blind SQL Injection vulnerability is located in com/ruoyi/generator/controller/GenController, at the endpoint /tool/gen/createTable. By manipulating the sql parameter of this endpoint, an attacker can execute arbitrary SQL commands against the backend database, endangering the confidentiality, integrity, and availability of the system. In short: a SQL injection vulnerability in /tool/gen/createTable in the RuoYi Framework at version ≤ 4.7.9 allows attackers to execute arbitrary SQL commands via the sql parameter.

SQL Injection at RuoYi framework (CVE-2022-4566)

1. Description and Impact

CVE-2022-4566 is a critical vulnerability identified in the RuoYi Framework. It is located in com/ruoyi/generator/controller/GenController and is a SQL injection flaw: by manipulating the affected request, an attacker can execute arbitrary SQL commands, potentially compromising the security, integrity, and availability of the system.

Type            Required Authentication   ?-day   CVSS         Version Affected
SQL Injection   Yes                       n-day   9.8 (NIST)   ≤ 4.7.5

Hackthebox - Neonify

Description

Challenge link: here.

Steps

This is the main interface of the challenge:

Reading the source code, we can see that the application runs on Ruby and uses an ERB template for rendering, so this is likely a Ruby ERB SSTI (server-side template injection) challenge. In addition, the input is regex-matched against the characters 0 to 9 and a to z. The regex only anchors to the start and end of a single line, not of the whole string: if we submit an arbitrary allowed string, then a newline character (\n), then the SSTI payload on the next line, the check passes and the exploit succeeds.
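The anchoring mismatch described above, as an added example that is not the write-up's or the challenge's own code. It assumes a hypothetical validator using the line-anchored pattern the write-up describes, shows the corrected string-anchored form beside it, and adds a hypothetical ERB render step so the bypass is visible end to end: the newline-separated payload passes the first check, fails the second, and is evaluated by ERB.

```ruby
require 'erb'

# Constructed validators, not the challenge's code. In Ruby, ^ and $ match at
# every line boundary, so the first pattern only constrains one line of the
# input; \A and \z anchor the whole string and close the bypass.
LINE_ANCHORED   = /^[0-9a-z]+$/
STRING_ANCHORED = /\A[0-9a-z]+\z/

def valid_line_anchored?(input)
  !!(input =~ LINE_ANCHORED)
end

def valid_string_anchored?(input)
  !!(input =~ STRING_ANCHORED)
end

# Hypothetical render path: the input is interpolated straight into an ERB
# template source, which is what turns a validation bypass into SSTI.
def render_neon(input)
  ERB.new("<h1>#{input}</h1>").result(binding)
end

# Constructed inputs: a benign value and a two-line payload whose first line
# satisfies the character class and whose second line is ERB code.
BENIGN  = "hello123"
PAYLOAD = "hello\n<%= 7 * 7 %>"

def demo
  {
    benign_line:    valid_line_anchored?(BENIGN),     # true
    benign_string:  valid_string_anchored?(BENIGN),   # true
    payload_line:   valid_line_anchored?(PAYLOAD),    # true  (bypass)
    payload_string: valid_string_anchored?(PAYLOAD),  # false (blocked)
    rendered:       render_neon(PAYLOAD)              # "<h1>hello\n49</h1>"
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Only the anchoring differs between the two patterns; the character class is identical, which is why filtering the alphabet alone does not help once the anchors are wrong. Validating with `\A...\z` (or refusing to build template source from user input at all) is the fix.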