    CVE-2014-3719: SQL Injection Vulnerability in Aleph

    • Article Type: Q&A
    • Product: Aleph
    • Product Version: 20

    Question

    We found the following security report CVE-2014-3719 regarding Aleph:
    http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html published on May 16, 2014.

    Could you provide any information that you have related to this? Is this something that we should be concerned about?

    Answer

    Our Security Office has reviewed the SQL Injection issue with Aleph Development, and they have determined that Aleph 20 is not affected by this vulnerability.

    We are aware that some Aleph customers use the cgi-bin directory to run scripts using the Apache platform (http://httpd.apache.org/docs/2.2/howto/cgi.html). We are aware of two specific scripts (review_m.cgi and tag_m.cgi) that are affected, but the Aleph “out of the box” software does not provide these scripts; therefore, it is not an Aleph vulnerability.


    • Article last edited: 8/4/2014
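
A site that has added its own CGI scripts can check whether the two scripts named in the answer are present and whether anything has requested them. The following is an added example, not Ex Libris code: the script names come from the article, while the directory and log paths are supplied by the caller, the log is assumed to be in Apache common or combined format, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Script names are from the article; all paths are caller-supplied.
AFFECTED_SCRIPTS="review_m.cgi tag_m.cgi"

# Print "<path><TAB><executable|not-executable>" for each named script under DIR.
find_affected_scripts() {
    for name in $AFFECTED_SCRIPTS; do
        find "$1" -type f -name "$name" 2>/dev/null
    done | while IFS= read -r path; do
        if [ -x "$path" ]; then state=executable; else state=not-executable; fi
        printf '%s\t%s\n' "$path" "$state"
    done
}

# Count access-log lines whose request path ends in one of the named scripts.
count_script_requests() {
    grep -cE '"[A-Z]+ [^" ]*/(review_m|tag_m)\.cgi([?/ ]|$)' "$1" || true
}

# Build a constructed fixture (not real Aleph data) and print its directory.
make_constructed_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/cgi-bin"
    printf '#!/bin/sh\n' > "$root/cgi-bin/review_m.cgi"
    chmod 755 "$root/cgi-bin/review_m.cgi"
    printf '#!/bin/sh\n' > "$root/cgi-bin/status.cgi"
    cat > "$root/access.log" <<'EOF'
192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] "GET /cgi-bin/review_m.cgi?id=1 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jun/2014:10:00:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 64
192.0.2.12 - - [01/Jun/2014:10:00:09 +0000] "POST /cgi-bin/tag_m.cgi HTTP/1.1" 404 210
EOF
    printf '%s\n' "$root"
}

# Usage: audit.sh CGI_DIR ACCESS_LOG ; with no arguments, runs on the constructed fixture.
if [ "$#" -ge 2 ]; then
    cgi_dir=$1; log=$2
else
    fixture=$(make_constructed_fixture)
    trap 'rm -rf "$fixture"' EXIT
    cgi_dir=$fixture/cgi-bin; log=$fixture/access.log
fi
echo "Scripts found under $cgi_dir:"
find_affected_scripts "$cgi_dir"
echo "Requests in $log: $(count_script_requests "$log")"
```

A 404 in the log, as in the third constructed line, means the script was requested but is not installed at that path.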