CVE-2012-1467 in Open Journal Systemsinfo

Summary

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/29/2012

Disclosure

09/06/2012

Moderation

VulDB entry created

Entries

1: VDB-62111

CPE

ready

CWE

CWE-22 (Confirmed)

Exploit

Download

CVSS

6.3

EPSS

0.04055

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1467
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1467
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1467/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!