Description
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by mr_me · python · webapps · php
https://www.exploit-db.com/exploits/18266
References (3)
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47330
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/77995
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18266
Scores
EPSS
0.0033
EPSS Percentile
55.5%
Details
CWE
CWE-352
Status
published
Products (30)
public_knowledge_project/open_journal_systems 1.0
public_knowledge_project/open_journal_systems 1.0.1
public_knowledge_project/open_journal_systems 1.1
public_knowledge_project/open_journal_systems 1.1.5
public_knowledge_project/open_journal_systems 1.1.6
public_knowledge_project/open_journal_systems 1.1.7
public_knowledge_project/open_journal_systems 1.1.8
public_knowledge_project/open_journal_systems 1.1.9
public_knowledge_project/open_journal_systems 1.1.10
public_knowledge_project/open_journal_systems 2.0
... and 20 more
Published
Sep 23, 2012
Tracked Since
Feb 18, 2026