Published: 06/09/2012 Updated: 07/09/2012

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 605

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Incomplete blacklist vulnerability in Open Journal Systems prior to 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pkp open journal systems

source: wwwsecurityfocuscom/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1 An arbitrary-file-deletion vulnerability 2 A security vulnerability 3 An arbitrary-file-upload vulnerability 4 Multiple cross-site scripting vu ...

Open Journal Systems version 236 suffers from file manipulation, cross site scripting, and shell upload vulnerabilities ...

NVD-CWE-Other http://pkp.sfu.ca/ojs/RELEASE-2.3.7 https://www.htbridge.com/advisory/HTB23079 http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431 https://nvd.nist.gov https://www.exploit-db.com/exploits/37001/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-1468

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect