NVD

Id
43382  
Name
CVE-2012-1468  
Description
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-09-06  
Modified Date
2012-09-07  
Seq
2012-1468  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
218014 43382 CVE-2012-1468 http://pkp.sfu.ca/ojs/RELEASE-2.3.7  View
218015 43382 CVE-2012-1468 http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431  View
218016 43382 CVE-2012-1468 https://www.htbridge.com/advisory/HTB23079  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28475 JVNDB-2012-004182 Open Journal Systems における任意のコードを実行される脆弱性 Open Journal Systems には、不完全なブラックリストにより、任意のコードを実行される脆弱性が存在します。 CVE-2012-1468 54706 CVE-2012-1468 43382 6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004182.html 2012-03-16 2012-09-11 View