http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6641
Bug #: 6641
Summary: Specially crafted URL can allow unauthorized download
of MARC files from staff client
Classification: Unclassified
Change sponsored?: ---
Product: Koha
Version: rel_3_6
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: Staff Client
AssignedTo: [email protected]
ReportedBy: [email protected]
QAContact: [email protected]
CC: [email protected]
http://staff.client.url/cgi-bin/koha/catalogue/export.pl?format=utf8&op=export&bib=4224
(as an example) would allow unauthorized users to download MARC files from the
staff side of the ILS. It might be possible to DoS the staff client using this.
The same functionality is available from the OPAC; the download functionality
should only be available from the staff client when a user is logged in.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
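Added illustration of the missing check, written for this page rather than taken from the report or from Koha's own catalogue/export.pl. It contrasts the shape the reporter describes (query string straight to the MARC record, no session) with a version gated on a staff-client session via C4::Auth::checkauth. The 'catalogue' permission flag and the 'utf8'/'marc'/'marcxml' format values are assumptions for the example; the C4::Auth and C4::Biblio calls themselves are Koha 3.x APIs.

```perl
#!/usr/bin/perl
# Added illustration, not the Koha project's export.pl. Assumed names:
# the 'catalogue' permission flag and the format values 'marc'/'utf8'/'marcxml'.
use strict;
use warnings;
use CGI;
use C4::Auth   qw( checkauth );      # Koha's session/permission check
use C4::Biblio qw( GetMarcBiblio );  # returns a MARC::Record for a biblionumber

my $query = CGI->new;

# Vulnerable shape (what the report describes): nothing ties the request to a
# logged-in staff user, so any anonymous caller who guesses a bib number gets
# the record. Defined here only for comparison; it is never called.
sub export_unauthenticated {
    my ($q) = @_;
    my $record = GetMarcBiblio( scalar $q->param('bib') );
    print $q->header( -type => 'application/marc' ), $record->as_usmarc;
}

# Guarded shape: with $noauth = 0 and type 'intranet', checkauth() only
# returns when the request carries a valid staff-client session whose user
# holds the required flag; otherwise it prints the login page and exits.
# Asking for the intranet type means an OPAC cookie does not satisfy it.
my ( $user, $cookie, $sessionID, $flags ) =
    checkauth( $query, 0, { catalogue => 1 }, 'intranet' );

my $op     = $query->param('op')     // '';
my $format = $query->param('format') // 'marc';
my $bib    = $query->param('bib');

# Validate the identifier before any database work: one integer, nothing else.
unless ( defined $bib && $bib =~ /^\d+$/ ) {
    print $query->header( -status => '400 Bad Request', -cookie => $cookie );
    exit;
}

if ( $op eq 'export' ) {
    my $record = GetMarcBiblio($bib);
    unless ($record) {
        print $query->header( -status => '404 Not Found', -cookie => $cookie );
        exit;
    }
    if ( $format eq 'marcxml' ) {
        print $query->header( -type       => 'text/xml',
                              -cookie     => $cookie,
                              -attachment => "bib-$bib.xml" ),
              $record->as_xml;
    }
    else {    # 'marc' or 'utf8': ISO 2709 binary, as the staff export offers
        print $query->header( -type       => 'application/marc',
                              -cookie     => $cookie,
                              -attachment => "bib-$bib.mrc" ),
              $record->as_usmarc;
    }
}
```

The session check has to come before the bib number is touched, so an unauthenticated request never reaches the database; that is also what blunts the DoS angle the reporter raises, since anonymous callers can no longer drive record lookups. It does not rate-limit users who do hold a staff session, which would need a separate control.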