Lucene search

[email protected]CVE-2011-5195

HistorySep 23, 2012 - 5:55 p.m.

CVE-2011-5195

2012-09-2317:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve

2011

5195

csrf vulnerability

public knowledge project

open conference systems

security

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.

Affected configurations

NVD

Node

public_knowledge_projectopen_conference_systemsRange≤2.3.4

public_knowledge_projectopen_conference_systemsMatch1.0

public_knowledge_projectopen_conference_systemsMatch1.1

public_knowledge_projectopen_conference_systemsMatch1.1.1

public_knowledge_projectopen_conference_systemsMatch1.1.2

public_knowledge_projectopen_conference_systemsMatch1.1.3

public_knowledge_projectopen_conference_systemsMatch1.1.4

public_knowledge_projectopen_conference_systemsMatch1.1.5

public_knowledge_projectopen_conference_systemsMatch1.1.6

public_knowledge_projectopen_conference_systemsMatch1.1.7

public_knowledge_projectopen_conference_systemsMatch2.0

public_knowledge_projectopen_conference_systemsMatch2.1

public_knowledge_projectopen_conference_systemsMatch2.1.0-1

public_knowledge_projectopen_conference_systemsMatch2.1.1

public_knowledge_projectopen_conference_systemsMatch2.1.1-1

public_knowledge_projectopen_conference_systemsMatch2.1.1.-2

public_knowledge_projectopen_conference_systemsMatch2.1.2

public_knowledge_projectopen_conference_systemsMatch2.1.2-1

public_knowledge_projectopen_conference_systemsMatch2.3

public_knowledge_projectopen_conference_systemsMatch2.3.1

public_knowledge_projectopen_conference_systemsMatch2.3.2

public_knowledge_projectopen_conference_systemsMatch2.3.3

public_knowledge_projectopen_conference_systemsMatch2.3.3-1

CPENameOperatorVersion
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemsle2.3.4
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.0
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.1
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.2
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.3
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.4
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.5
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.6
public_knowledge_project:open_conference_systemspublic knowledge project open conference systemseq1.1.7

CPE	Name	Operator	Version
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	le	2.3.4
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.0
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.1
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.2
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.3
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.4
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.5
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.6
public_knowledge_project:open_conference_systems	public knowledge project open conference systems	eq	1.1.7

Rows per page:

1-10 of 231

References

osvdb.org/77995

secunia.com/advisories/47330

www.exploit-db.com/exploits/18266

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2011-5195

prion1 cvelist1 nvd1