Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Journal Systems 不完全黑名单漏洞
Vulnerability Description
Open Journal Systems 2.3.7之前版本中存在不完全黑名单漏洞。远程认证用户可利用该漏洞以Author Role权限通过上传不包含‘.php’的可执行扩展文件,执行任意代码;通过直接请求到相关文章目录下的submission/original/中的文件,如使用‘.pHp’、‘.asp’和其他扩展名访问它。
CVSS Information
N/A
Vulnerability Type
N/A