CVE-2012-1468 - OpenCVE

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pkp	Open Journal Systems

Configuration 1 [-]

cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://pkp.sfu.ca/ojs/RELEASE-2.3.7
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
https://www.htbridge.com/advisory/HTB23079

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-09-06T21:00:00Z

Updated: 2024-09-17T03:42:40.820Z

Reserved: 2012-02-29T00:00:00Z

Link: CVE-2012-1468

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-09-06T21:55:01.160

Modified: 2012-09-07T13:41:43.600

Link: CVE-2012-1468

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-09-06T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23079"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", "refsource": "CONFIRM", "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"name": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", "refsource": "CONFIRM", "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"name": "https://www.htbridge.com/advisory/HTB23079", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23079"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:01.535Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.com/advisory/HTB23079"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1468", "datePublished": "2012-09-06T21:00:00Z", "dateReserved": "2012-02-29T00:00:00Z", "dateUpdated": "2024-09-17T03:42:40.820Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF799D7-B134-475A-8BA7-C50F07736A80", "versionEndIncluding": "2.3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en Open Journal Systems antes de v2.3.7 permite ejecutar c\u00f3digo de su elecci\u00f3n a usuarios remotos autenticados con permisos de 'Autor' mediante la carga de un archivo con una extensi\u00f3n ejecutable que no es \".php\" y luego accediendo a ese fichero a trav\u00e9s de una solicitud directa al archivo en submission/original/ en el directorio de art\u00edculos asociados, tal y como se ha demostrado utilizando extensiones .php, .asp y otras.\r\n"}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'", "id": "CVE-2012-1468", "lastModified": "2012-09-07T13:41:43.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-06T21:55:01.160", "references": [{"source": "cve@mitre.org", "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"source": "cve@mitre.org", "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23079"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}