Описание
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.
Ссылки
- Issue TrackingPatch
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0-16 (исключая)
cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00155
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.
EPSS
Процентиль: 36%
0.00155
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo