CVE-2011-5196

Open Journal Systems < 2.3.6 - Cross-Site Request Forgery via File Upload

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5196. PoCs published by mr_me.

AI-analyzed exploit summary: This exploit leverages a CSRF vulnerability in Open Conference/Journal/Harvester Systems to upload a malicious PHP file, achieving remote code execution. It requires an admin to visit a crafted link while authenticated.

Description

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

Exploits (1)

exploitdb · Working PoC · Verified
by mr_me · python · webapps · php
https://www.exploit-db.com/exploits/18266

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Open Conference Systems <= 2.3.4, Open Journal Systems <= 2.3.6, Open Harvester Systems <= 2.3.1
Auth required: yes
Prerequisites: Admin user must be logged in and visit the attacker's link · Target must have vulnerable PKP software installed
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/47330
Exploit (vdb-entry, x_refsource_osvdb): http://osvdb.org/77995
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/18266

Scores

EPSS: 0.0133
EPSS Percentile: 67.4%

Details

CWE: CWE-352
Status: published
Products (30)
public_knowledge_project/open_journal_systems 1.0
public_knowledge_project/open_journal_systems 1.0.1
public_knowledge_project/open_journal_systems 1.1
public_knowledge_project/open_journal_systems 1.1.5
public_knowledge_project/open_journal_systems 1.1.6
public_knowledge_project/open_journal_systems 1.1.7
public_knowledge_project/open_journal_systems 1.1.8
public_knowledge_project/open_journal_systems 1.1.9
public_knowledge_project/open_journal_systems 1.1.10
public_knowledge_project/open_journal_systems 2.0
... and 20 more
Published: Sep 23, 2012
Tracked Since: Feb 18, 2026