CVE-2024-28739 is a critical vulnerability identified in Koha Integrated Library System (ILS) versions 23.05 and earlier. The flaw is categorized under CWE-79, indicating a Cross-Site Scripting (XSS) related issue, but in this case, it enables remote code execution (RCE) via a crafted script sent to the 'format' parameter. This parameter is likely used in web requests to control output formatting, and improper sanitization or validation allows an attacker to inject malicious code that the system executes. The vulnerability is remotely exploitable over the network without requiring authentication, though it requires user interaction, such as a user clicking a crafted link or visiting a malicious page. The CVSS v3.1 base score is 9.6, reflecting critical severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed, impacting confidentiality, integrity, and availability fully. The vulnerability could allow attackers to execute arbitrary commands or scripts on the server hosting Koha ILS, potentially leading to full system compromise, data exfiltration, or disruption of library services. As of the publication date, no public exploits have been reported, and no official patches or fixes have been linked. Koha ILS is an open-source library management system widely used by public, academic, and special libraries worldwide, making this vulnerability significant for institutions relying on it for cataloging, circulation, and patron management.

The impact of CVE-2024-28739 is severe for organizations using Koha ILS, as successful exploitation can lead to complete system compromise. Attackers can execute arbitrary code remotely, potentially gaining access to sensitive patron data, modifying or deleting library records, disrupting library operations, or using the compromised system as a foothold for further network attacks. The confidentiality of patron information, including personally identifiable information (PII), is at risk. Integrity of library data and availability of services can be severely affected, leading to operational downtime and loss of trust. Given Koha's deployment in educational and public institutions, the disruption could affect large user bases and critical information access. The lack of required privileges lowers the barrier for attackers, increasing the likelihood of exploitation once a working exploit is developed or disclosed. The absence of known exploits currently provides a window for proactive defense, but the critical severity demands urgent attention.

Until an official patch is released, organizations should implement the following mitigations: 1) Restrict external access to the Koha ILS web interface, especially the endpoints handling the 'format' parameter, using network segmentation, firewalls, or VPNs. 2) Implement strict input validation and sanitization on all user-supplied parameters, particularly the 'format' parameter, to block malicious scripts or code injections. 3) Employ Web Application Firewalls (WAFs) with custom rules to detect and block attempts to exploit this vulnerability. 4) Monitor logs and network traffic for unusual requests or patterns targeting the 'format' parameter or exhibiting signs of code injection attempts. 5) Educate users about the risks of clicking untrusted links or opening suspicious content that could trigger the vulnerability. 6) Prepare for rapid patch deployment once Koha releases an official fix by maintaining an up-to-date inventory of affected systems. 7) Consider temporary disabling or limiting features that utilize the vulnerable parameter if feasible. These steps go beyond generic advice by focusing on parameter-specific controls and proactive monitoring tailored to this vulnerability.