3 matches found
CVE-2019-19909
An issue was discovered in Public Knowledge Project PKP pkp-lib before 3.1.2-2, as used in Open Journal Systems OJS before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used...
CVE-2019-19909
creationtimestamp| type| source ---|---|--- 2024-03-16 09:21:59+00:00| seen| https://t.me/ctinow/209425...
CVE-2019-19909
PKP pkp-lib before 3.1.2-2 and OJS before 3.1.2-2 are affected. A crafted URL can trigger code injection in the OJS report generator via unserialize when an authenticated Journal Manager visits it. Remediation: upgrade to pkp-lib 3.1.2-2 or later and OJS 3.1.2-2 or later (or apply vendor-provided...