CVE-2012-1468 in Open Journal Systems

Summary

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.


Responsible

Reservation: 02/29/2012
Disclosure: 09/06/2012
Entries: VDB-62112
CPE: ready
Exploit: Download
CVSS: 6.3
EPSS: 0.12469
Activities: Very Low

Sources
