CVE-2011-5195

Public Knowledge Open Conference Systems < 2.3.4 - CSRF

Description

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by mr_me · python · webapps · php
https://www.exploit-db.com/exploits/18266

Scores

EPSS 0.0040
EPSS Percentile 60.4%

Classification

CWE
CWE-352
Status draft

Affected Products (23)

public_knowledge_project/open_conference_systems < 2.3.4

Timeline

Published Sep 23, 2012
Tracked Since Feb 18, 2026