CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1468

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.045

EPSS Ranking 88.6%

CVSS Severity

CVSS v2 Score 6.0

References

http://pkp.sfu.ca/ojs/RELEASE-2.3.7
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
https://www.htbridge.com/advisory/HTB23079
http://pkp.sfu.ca/ojs/RELEASE-2.3.7
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
https://www.htbridge.com/advisory/HTB23079

Products affected by CVE-2012-1468

Pkp » Open Journal Systems » Version: Any

cpe:2.3:a:pkp:open_journal_systems:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1468

Products

Pricing

Contact Us