CVE-2012-1468 - OpenCVE

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Pkp	Open Journal Systems

Configuration 1 [-]

cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*

References

Link	Resource
http://pkp.sfu.ca/ojs/RELEASE-2.3.7
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
https://www.htbridge.com/advisory/HTB23079	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:27

Updated: 2022-10-03T16:15:27

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-1468

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-09-06T21:55:01.160

Modified: 2012-09-07T13:41:43.600

Link: CVE-2012-1468

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23079"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", "refsource": "CONFIRM", "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"name": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", "refsource": "CONFIRM", "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"name": "https://www.htbridge.com/advisory/HTB23079", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23079"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1468", "datePublished": "2022-10-03T16:15:27", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF799D7-B134-475A-8BA7-C50F07736A80", "versionEndIncluding": "2.3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en Open Journal Systems antes de v2.3.7 permite ejecutar c\u00f3digo de su elecci\u00f3n a usuarios remotos autenticados con permisos de 'Autor' mediante la carga de un archivo con una extensi\u00f3n ejecutable que no es \".php\" y luego accediendo a ese fichero a trav\u00e9s de una solicitud directa al archivo en submission/original/ en el directorio de art\u00edculos asociados, tal y como se ha demostrado utilizando extensiones .php, .asp y otras.\r\n"}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'", "id": "CVE-2012-1468", "lastModified": "2012-09-07T13:41:43.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-06T21:55:01.160", "references": [{"source": "cve@mitre.org", "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"}, {"source": "cve@mitre.org", "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23079"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}