CVE-2011-5196

EUVD-2011-5096
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 55%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| public_knowledge_project | open_journal_systems | 𝑥 ≤ 2.3.6 |
| public_knowledge_project | open_journal_systems | 1.0 |
| public_knowledge_project | open_journal_systems | 1.0.1 |
| public_knowledge_project | open_journal_systems | 1.1 |
| public_knowledge_project | open_journal_systems | 1.1.5 |
| public_knowledge_project | open_journal_systems | 1.1.6 |
| public_knowledge_project | open_journal_systems | 1.1.7 |
| public_knowledge_project | open_journal_systems | 1.1.8 |
| public_knowledge_project | open_journal_systems | 1.1.9 |
| public_knowledge_project | open_journal_systems | 1.1.10 |
| public_knowledge_project | open_journal_systems | 2.0 |
| public_knowledge_project | open_journal_systems | 2.0.1 |
| public_knowledge_project | open_journal_systems | 2.0.2-1 |
| public_knowledge_project | open_journal_systems | 2.1 |
| public_knowledge_project | open_journal_systems | 2.1.1 |
| public_knowledge_project | open_journal_systems | 2.2 |
| public_knowledge_project | open_journal_systems | 2.2.1 |
| public_knowledge_project | open_journal_systems | 2.2.2 |
| public_knowledge_project | open_journal_systems | 2.2.3 |
| public_knowledge_project | open_journal_systems | 2.2.4 |
| public_knowledge_project | open_journal_systems | 2.3.0 |
| public_knowledge_project | open_journal_systems | 2.3.1-2 |
| public_knowledge_project | open_journal_systems | 2.3.2 |
| public_knowledge_project | open_journal_systems | 2.3.2-1 |
| public_knowledge_project | open_journal_systems | 2.3.3 |
| public_knowledge_project | open_journal_systems | 2.3.3-1 |
| public_knowledge_project | open_journal_systems | 2.3.3-2 |
| public_knowledge_project | open_journal_systems | 2.3.3-3 |
| public_knowledge_project | open_journal_systems | 2.3.4 |
| public_knowledge_project | open_journal_systems | 2.3.5 |

𝑥 = Vulnerable software versions
Ubuntu Releases

| Codename | Ubuntu Product: ojs |
|---|---|
| hardy | dne |
| lucid | dne |
| natty | ignored |
| oneiric | ignored |
| precise | dne |
| quantal | dne |
| raring | dne |