Description
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by mr_me · python, webapps, php
https://www.exploit-db.com/exploits/18266
References (1)
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18266
Scores
EPSS
0.0037
EPSS Percentile
58.5%
Details
CWE
CWE-352
Status
published
Products (6)
public_knowledge_project/open_harvester_systems: 1.0
public_knowledge_project/open_harvester_systems: 1.0.1
public_knowledge_project/open_harvester_systems: 2.0.0
public_knowledge_project/open_harvester_systems: 2.0.1
public_knowledge_project/open_harvester_systems: 2.3.0
public_knowledge_project/open_harvester_systems: < 2.3.1
Published
Sep 23, 2012
Tracked Since
Feb 18, 2026