Description
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/37001
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
Various Sources x_refsource_confirm
http://pkp.sfu.ca/ojs/RELEASE-2.3.7
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23079
Scores
EPSS
0.1247
EPSS Percentile
93.9%
Details
Status
published
Products (1)
pkp/open_journal_systems
< 2.3.6
Published
Sep 06, 2012
Tracked Since
Feb 18, 2026