Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-5196

Опубликовано: 23 сент. 2012
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:public_knowledge_project:open_journal_systems:*:*:*:*:*:*:*:*
Версия до 2.3.6 (включая)
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.0:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.0:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.0.2-1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.2:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.1-2:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.2-1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.3-1:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.3-2:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.3-3:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:public_knowledge_project:open_journal_systems:2.3.5:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00326
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu логотип

CVE-2011-5196

ubuntu
больше 13 лет назад

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

debian логотип

CVE-2011-5196

debian
больше 13 лет назад

Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...

github логотип

GHSA-3frc-6c5w-8j5w

github
больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

EPSS

Процентиль: 55%
0.00326
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352