CVE Vulnerabilities

CVE-2012-1468

Published: Sep 06, 2012 | Modified: Sep 07, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not .php, then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

Affected Software

Name Vendor Start Version End Version
Open_journal_systems Pkp * 2.3.6 (including)
Ojs Ubuntu natty *
Ojs Ubuntu oneiric *
Ojs Ubuntu upstream *

References