CVE-2012-1467
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD
Description
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.
Affected (1)
Products: Pkp: Open Journal Systems
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.3.6 |
References (4)
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.