Vulnerability CVE-2011-5196

Vulnerability CVE-2011-5196

Published: 2012-09-23

Description:

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Open Conference / Journal / Harvester Systems 2.3.x Code Execution	mr_me::rwx kru	24.12.2011

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Public knowledge project -> Open journal systems

References:

http://www.exploit-db.com/exploits/18266

Copyright 2024, cxsecurity.com