N/A

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

N/A

N/A

Open Journal Systems iBrowser插件库多个路径遍历漏洞

使用在Open Journal Systems 2.3.7之前版本中的iBrowser插件库中存在多个目录遍历漏洞。远程认证用户可利用该漏洞通过‘param’参数中的..（点点）传送到lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php脚本，(1)删除或(2)重命名任意文件。

N/A

N/A