Lucene search

[email protected]CVE-2011-5196

HistorySep 23, 2012 - 5:55 p.m.

CVE-2011-5196

2012-09-2317:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-5196

cross-site request forgery

csrf

vulnerability

open journal systems

php files

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

Affected configurations

NVD

Node

public_knowledge_projectopen_journal_systemsRange≤2.3.6

public_knowledge_projectopen_journal_systemsMatch1.0

public_knowledge_projectopen_journal_systemsMatch1.0.1

public_knowledge_projectopen_journal_systemsMatch1.1

public_knowledge_projectopen_journal_systemsMatch1.1.5

public_knowledge_projectopen_journal_systemsMatch1.1.6

public_knowledge_projectopen_journal_systemsMatch1.1.7

public_knowledge_projectopen_journal_systemsMatch1.1.8

public_knowledge_projectopen_journal_systemsMatch1.1.9

public_knowledge_projectopen_journal_systemsMatch1.1.10

public_knowledge_projectopen_journal_systemsMatch2.0

public_knowledge_projectopen_journal_systemsMatch2.0.1

public_knowledge_projectopen_journal_systemsMatch2.0.2-1

public_knowledge_projectopen_journal_systemsMatch2.1

public_knowledge_projectopen_journal_systemsMatch2.1.1

public_knowledge_projectopen_journal_systemsMatch2.2

public_knowledge_projectopen_journal_systemsMatch2.2.1

public_knowledge_projectopen_journal_systemsMatch2.2.2

public_knowledge_projectopen_journal_systemsMatch2.2.3

public_knowledge_projectopen_journal_systemsMatch2.2.4

public_knowledge_projectopen_journal_systemsMatch2.3.0

public_knowledge_projectopen_journal_systemsMatch2.3.1-2

public_knowledge_projectopen_journal_systemsMatch2.3.2

public_knowledge_projectopen_journal_systemsMatch2.3.2-1

public_knowledge_projectopen_journal_systemsMatch2.3.3

public_knowledge_projectopen_journal_systemsMatch2.3.3-1

public_knowledge_projectopen_journal_systemsMatch2.3.3-2

public_knowledge_projectopen_journal_systemsMatch2.3.3-3

public_knowledge_projectopen_journal_systemsMatch2.3.4

public_knowledge_projectopen_journal_systemsMatch2.3.5

CPENameOperatorVersion
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemsle2.3.6
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.0
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.0.1
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.5
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.6
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.7
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.8
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.9
public_knowledge_project:open_journal_systemspublic knowledge project open journal systemseq1.1.10

CPE	Name	Operator	Version
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	le	2.3.6
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.0
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.0.1
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.5
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.6
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.7
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.8
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.9
public_knowledge_project:open_journal_systems	public knowledge project open journal systems	eq	1.1.10

Rows per page:

1-10 of 301

References

osvdb.org/77995

secunia.com/advisories/47330

www.exploit-db.com/exploits/18266

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2011-5196

prion1 ubuntucve1 cvelist1 nvd1