CVE-2022-0495

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

critical 9.4 CVSS 3.1

Published: Sep 21, 2022

Modified: May 20, 2026

Description

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0635
https://www.usom.gov.tr/bildirim/tr-22-0635
https://www.usom.gov.tr/bildirim/tr-22-0635

CVSS Breakdown

Version	3.1
Score	9.4 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Weakness (CWE)

CWE-89

Affected Product

Vendor	Parantezteknoloji
Product	Koha Library Automation