Lucene search

[email protected]CVE-2012-1467

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-1467

2022-10-0316:15:27

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

ibrowser plugin

open journal systems

remote authentication

vulnerabilities

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.2%

JSON

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a … (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Affected configurations

NVD

Node

pkpopen_journal_systemsRange≤2.3.6

CPENameOperatorVersion
pkp:open_journal_systemspkp open journal systemsle2.3.6

CPE	Name	Operator	Version
pkp:open_journal_systems	pkp open journal systems	le	2.3.6

References

pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431

www.htbridge.com/advisory/HTB23079

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2012-1467

prion1 ubuntucve1 cvelist1 nvd1 securityvulns2 packetstorm1 htbridge1