Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Public Knowledge Project Platform OJS/OMP/OPS 安全漏洞
Vulnerability Description
Public Knowledge Project Platform OJS/OMP/OPS(PKP Platform OJS/OMP/OPS)是Public Knowledge Project公司的一个开源出版平台。 Public Knowledge Project Platform OJS/OMP/OPS 3.3.0.21之前版本和3.4.x至3.4.0.8之前版本存在安全漏洞,该漏洞源于XXE攻击,可能允许通过上传特制XML文档作为用户XML插件在期刊环境中创建超级管理员角色并插入后门插件。
CVSS Information
N/A
Vulnerability Type
N/A