CVE-2011-5197

Published: Sep 23, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

Affected (6)

Products: Public Knowledge Project: Open Harvester Systems

Public Knowledge Project

1 product

Open Harvester Systems

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Public Knowledge Project Open Harvester Systems	Up to 2.3.1
Public Knowledge Project Open Harvester Systems	Version 1.0.1
Public Knowledge Project Open Harvester Systems	Version 1.0
Public Knowledge Project Open Harvester Systems	Version 2.0.0
Public Knowledge Project Open Harvester Systems	Version 2.0.1
Public Knowledge Project Open Harvester Systems	Version 2.3.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://www.exploit-db.com/exploits/18266

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/18266

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.