Vulnerability Details CVE-2019-19909
An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2019-19909
-
cpe:2.3:a:sfu:open_journal_system:2.0.0-0
-
cpe:2.3:a:sfu:open_journal_system:2.0.1-0
-
cpe:2.3:a:sfu:open_journal_system:2.0.2-0
-
cpe:2.3:a:sfu:open_journal_system:2.0.2-1
-
cpe:2.3:a:sfu:open_journal_system:2.1
-
cpe:2.3:a:sfu:open_journal_system:2.1.0-0
-
cpe:2.3:a:sfu:open_journal_system:2.1.0-1
-
cpe:2.3:a:sfu:open_journal_system:2.1.1
-
cpe:2.3:a:sfu:open_journal_system:2.1.1-0
-
cpe:2.3:a:sfu:open_journal_system:2.2.0-0
-
cpe:2.3:a:sfu:open_journal_system:2.2.0-b1
-
cpe:2.3:a:sfu:open_journal_system:2.2.0-b2
-
cpe:2.3:a:sfu:open_journal_system:2.2.1-0
-
cpe:2.3:a:sfu:open_journal_system:2.2.1-b1
-
cpe:2.3:a:sfu:open_journal_system:2.2.2
-
cpe:2.3:a:sfu:open_journal_system:2.2.2-0
-
cpe:2.3:a:sfu:open_journal_system:2.2.3
-
cpe:2.3:a:sfu:open_journal_system:2.2.3-0
-
cpe:2.3:a:sfu:open_journal_system:2.2.4-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.0-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.1-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.1-1
-
cpe:2.3:a:sfu:open_journal_system:2.3.1-2
-
cpe:2.3:a:sfu:open_journal_system:2.3.2-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.2-1
-
cpe:2.3:a:sfu:open_journal_system:2.3.3-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.3-1
-
cpe:2.3:a:sfu:open_journal_system:2.3.3-2
-
cpe:2.3:a:sfu:open_journal_system:2.3.3-3
-
cpe:2.3:a:sfu:open_journal_system:2.3.4-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.5-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.6-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.7-0
-
cpe:2.3:a:sfu:open_journal_system:2.3.8-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.0-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.1-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.2-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.3
-
cpe:2.3:a:sfu:open_journal_system:2.4.3-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.4-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.4-1
-
cpe:2.3:a:sfu:open_journal_system:2.4.5-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.6-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.7-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.7-1
-
cpe:2.3:a:sfu:open_journal_system:2.4.8-0
-
cpe:2.3:a:sfu:open_journal_system:2.4.8-1
-
cpe:2.3:a:sfu:open_journal_system:2.4.8-2
-
cpe:2.3:a:sfu:open_journal_system:2.4.8-3
-
cpe:2.3:a:sfu:open_journal_system:3.0
-
cpe:2.3:a:sfu:open_journal_system:3.0.0-0
-
cpe:2.3:a:sfu:open_journal_system:3.0.1-0
-
cpe:2.3:a:sfu:open_journal_system:3.0.2-0
-
cpe:2.3:a:sfu:open_journal_system:3.1.0-0
-
cpe:2.3:a:sfu:open_journal_system:3.1.0-1
-
cpe:2.3:a:sfu:open_journal_system:3.1.1-0
-
cpe:2.3:a:sfu:open_journal_system:3.1.1-1
-
cpe:2.3:a:sfu:open_journal_system:3.1.1-2
-
cpe:2.3:a:sfu:open_journal_system:3.1.1-4
-
cpe:2.3:a:sfu:open_journal_system:3.1.2-0
-
cpe:2.3:a:sfu:open_journal_system:3.1.2-1