Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2012-1467
Last Modified 13 Sep 2012 12:00:00
Published 06 Sep 2012 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-1467

Summary

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Vulnerable Systems

Application

  • Pkp Open Journal Systems 2.3.6


References

MISC - https://www.htbridge.com/advisory/HTB23079

CONFIRM - http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431


Last Updated: 27 May 2016 10:56:37