CVE-2011-5195

Open Conference Systems < 2.3.4 - Cross-Site Request Forgery via File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5195. PoCs published by mr_me.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in Open Conference/Journal/Harvester Systems to upload a malicious PHP file, achieving remote code execution. It requires an admin to visit a crafted link while authenticated.

Description

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · pythonwebappsphp

https://www.exploit-db.com/exploits/18266

View Code ZIP pw:eip

This exploit leverages a CSRF vulnerability in Open Conference/Journal/Harvester Systems to upload a malicious PHP file, achieving remote code execution. It requires an admin to visit a crafted link while authenticated.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Open Conference Systems <= 2.3.4, Open Journal Systems <= 2.3.6, Open Harvester Systems <= 2.3.1

Auth required

Prerequisites: Admin user must be logged in and visit the attacker's link · Target must have vulnerable PKP software installed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47330

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/77995

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18266

Scores

EPSS 0.0111

EPSS Percentile 61.5%

Details

CWE

CWE-352

Status published

Products (23)

public_knowledge_project/open_conference_systems 1.0

public_knowledge_project/open_conference_systems 1.1

public_knowledge_project/open_conference_systems 1.1.1

public_knowledge_project/open_conference_systems 1.1.2

public_knowledge_project/open_conference_systems 1.1.3

public_knowledge_project/open_conference_systems 1.1.4

public_knowledge_project/open_conference_systems 1.1.5

public_knowledge_project/open_conference_systems 1.1.6

public_knowledge_project/open_conference_systems 1.1.7

public_knowledge_project/open_conference_systems 2.0

... and 13 more

Published Sep 23, 2012

Tracked Since Feb 18, 2026