

Researchers of SBA Research found several critical security vulnerabilities in the Koha Library software via Combinatorial Testing

Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos of the Combinatorial Security Testing Team of SBA Research found several critical security vulnerabilities in the Koha Library Software. The vulnerabilities include serious issues such as unauthenticated SQL Injection, Local File Inclusions, XSS and XSRF, which allow remote attackers to completely compromise the web application and web server. After a full disclosure to the community, the Koha development team fixed all issues and published a security release. SBA Research would like to thank Chris Cormack and his team.

Koha is a leading open source Integrated Library System (ILS), used worldwide by thousands of public, school and special libraries. It has an active community and several commercial supporters such as LibLime, ByWater Solutions and BibLibre. Famous Koha users include the Museum of Natural History in Vienna, the UNIDO library and the Spanish Ministry of Culture.

More details can be found at:


