CVE-2012-1468
published 2012-09-06

Priority: P3, 41
CVSS 2.0: 6 (medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.48% (87.6th percentile)

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
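
The flaw class in the description, as an added example that is not Open Journal Systems code: a deny-list check that only matches the literal extension ".php", next to an allow-list check that normalises case and renames the stored file. The function names, the `BLOCKED` and `ALLOWED` sets and the sample file names are assumptions made for illustration.

```python
import os
import secrets

# Hypothetical deny-list of the kind the description implies: an exact,
# case-sensitive match on ".php" only (an assumption, not OJS source code).
BLOCKED = {".php"}

# Assumed allow-list of document types an author submission needs.
ALLOWED = {".pdf", ".doc", ".docx", ".odt", ".rtf"}

# Constructed sample upload names, using the extensions named in the CVE text.
SAMPLES = ["paper.pdf", "Thesis.DOCX", "upload.php", "upload.pHp", "upload.asp"]


def blacklist_accepts(filename: str) -> bool:
    """Flawed check: accepts anything whose extension is not literally '.php'."""
    return os.path.splitext(filename)[1] not in BLOCKED


def safe_extension(filename: str):
    """Return the lower-cased extension if it is allow-listed, else None."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any client path
    ext = os.path.splitext(base)[1].lower()
    return ext if ext in ALLOWED else None


def stored_name(filename: str) -> str:
    """Server-chosen name: random stem plus the validated extension only."""
    ext = safe_extension(filename)
    if ext is None:
        raise ValueError(f"rejected upload: {filename!r}")
    return secrets.token_hex(16) + ext


def compare(names):
    """Map each name to (deny-list verdict, allow-list verdict)."""
    return {n: (blacklist_accepts(n), safe_extension(n) is not None) for n in names}


if __name__ == "__main__":
    for name, (deny, allow) in compare(SAMPLES).items():
        print(f"{name:12} deny-list accepts={deny!s:5} allow-list accepts={allow}")
```

The allow-list only addresses the extension check; keeping uploaded files in a directory the web server does not serve or execute from covers the direct-request half of the issue.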

Affected

1 range

Vendor: pkp
Product: open_journal_systems
Version range: <= 2.3.6
Fixed in: -