CVE-2011-5195

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
public_knowledge_projectopen_conference_systems
𝑥
≤ 2.3.4
public_knowledge_projectopen_conference_systems
1.0
public_knowledge_projectopen_conference_systems
1.1
public_knowledge_projectopen_conference_systems
1.1.1
public_knowledge_projectopen_conference_systems
1.1.2
public_knowledge_projectopen_conference_systems
1.1.3
public_knowledge_projectopen_conference_systems
1.1.4
public_knowledge_projectopen_conference_systems
1.1.5
public_knowledge_projectopen_conference_systems
1.1.6
public_knowledge_projectopen_conference_systems
1.1.7
public_knowledge_projectopen_conference_systems
2.0
public_knowledge_projectopen_conference_systems
2.1
public_knowledge_projectopen_conference_systems
2.1.0-1
public_knowledge_projectopen_conference_systems
2.1.1
public_knowledge_projectopen_conference_systems
2.1.1-1
public_knowledge_projectopen_conference_systems
2.1.1.-2
public_knowledge_projectopen_conference_systems
2.1.2
public_knowledge_projectopen_conference_systems
2.1.2-1
public_knowledge_projectopen_conference_systems
2.3
public_knowledge_projectopen_conference_systems
2.3.1
public_knowledge_projectopen_conference_systems
2.3.2
public_knowledge_projectopen_conference_systems
2.3.3
public_knowledge_projectopen_conference_systems
2.3.3-1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/77995
http://secunia.com/advisories/47330
http://www.exploit-db.com/exploits/18266
http://osvdb.org/77995
http://secunia.com/advisories/47330
http://www.exploit-db.com/exploits/18266