
CVE-2011-5196

Published: 23/09/2012 Updated: 20/09/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that upload PHP files.

Vulnerable Product

public knowledge project open journal systems 2.3.2

public knowledge project open journal systems 2.3.1-2

public knowledge project open journal systems 2.3.0

public knowledge project open journal systems 2.2.4

public knowledge project open journal systems 1.1.7

public knowledge project open journal systems 1.1.6

public knowledge project open journal systems 1.1.5

public knowledge project open journal systems 1.1

public knowledge project open journal systems 2.3.4

public knowledge project open journal systems 2.1.1

public knowledge project open journal systems 2.1

public knowledge project open journal systems 2.0.2-1

public knowledge project open journal systems 2.0.1

public knowledge project open journal systems 2.3.3-3

public knowledge project open journal systems 2.3.3-1

public knowledge project open journal systems 2.3.2-1

public knowledge project open journal systems 2.2.3

public knowledge project open journal systems 2.2.1

public knowledge project open journal systems 1.1.10

public knowledge project open journal systems 1.1.8

public knowledge project open journal systems 1.0.1

public knowledge project open journal systems

public knowledge project open journal systems 2.3.3-2

public knowledge project open journal systems 2.3.3

public knowledge project open journal systems 2.2.2

public knowledge project open journal systems 2.2

public knowledge project open journal systems 2.0

public knowledge project open journal systems 1.1.9

public knowledge project open journal systems 1.0

public knowledge project open journal systems 2.3.5

Exploits

#!/usr/bin/python
#
# Open Conference/Journal/Harvester Systems <= 23X multiple remote code execution vulnerabilities
# vendor_________: Public Knowledge Project (pkp) -pkpsfuca/
# software link__: pkpsfuca/download
# author_________: mr_me::rwx kru
# email__________: steventhomasseeley!gmail!com
# tested on______: the interw ...