Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_conference_systems | Public_knowledge_project | * | 2.3.4 (including) |
Open_conference_systems | Public_knowledge_project | 1.0 (including) | 1.0 (including) |
Open_conference_systems | Public_knowledge_project | 1.1 (including) | 1.1 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.1 (including) | 1.1.1 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.2 (including) | 1.1.2 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.3 (including) | 1.1.3 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.4 (including) | 1.1.4 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.5 (including) | 1.1.5 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.6 (including) | 1.1.6 (including) |
Open_conference_systems | Public_knowledge_project | 1.1.7 (including) | 1.1.7 (including) |
Open_conference_systems | Public_knowledge_project | 2.0 (including) | 2.0 (including) |
Open_conference_systems | Public_knowledge_project | 2.1 (including) | 2.1 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.0-1 (including) | 2.1.0-1 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.1 (including) | 2.1.1 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.1-1 (including) | 2.1.1-1 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.1.-2 (including) | 2.1.1.-2 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.2 (including) | 2.1.2 (including) |
Open_conference_systems | Public_knowledge_project | 2.1.2-1 (including) | 2.1.2-1 (including) |
Open_conference_systems | Public_knowledge_project | 2.3 (including) | 2.3 (including) |
Open_conference_systems | Public_knowledge_project | 2.3.1 (including) | 2.3.1 (including) |
Open_conference_systems | Public_knowledge_project | 2.3.2 (including) | 2.3.2 (including) |
Open_conference_systems | Public_knowledge_project | 2.3.3 (including) | 2.3.3 (including) |
Open_conference_systems | Public_knowledge_project | 2.3.3-1 (including) | 2.3.3-1 (including) |