https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42361
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|SQL Injection in |[CVE-2026-6428] SQL |reports/catalogue_out.pl |Injection in |via Filter parameter |reports/catalogue_out.pl |(error-based, triggered |via Filter parameter |when Criteria matches |(error-based, triggered |/branchcode/) |when Criteria matches | |/branchcode/) --- Comment #28 from David Cook <[email protected]> --- (In reply to Sanjarbiy from comment #27) > CVE-2026-6428 has been assigned and published for this issue via > TuranSecurity (a CVE Numbering Authority). Public record: > https://www.cve.org/CVERecord?id=CVE-2026-6428 . Thanks to David and > Jonathan for the fix and review. Thanks, Sanjar, for reporting the issue and respecting our process. I recognise the name Turan Security. We've had other reports from employees/former employees from there. Very happy to keep working with you on the issues you report. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
