CVE-2011-5196

Public Knowledge Open Journal Systems < 2.3.6 - CSRF

Description

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by mr_me · python · webapps · php
https://www.exploit-db.com/exploits/18266

Scores

EPSS 0.0033
EPSS Percentile 55.1%

Classification

CWE
CWE-352
Status draft

Affected Products (30)

public_knowledge_project/open_journal_systems < 2.3.6
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
public_knowledge_project/open_journal_systems
... and 15 more

Timeline

Published Sep 23, 2012
Tracked Since Feb 18, 2026