An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
References
Link | Resource |
---|---|
https://github.com/pkp/pkp-lib/compare/3_1_2-1...3_1_2-2 | Patch Third Party Advisory |
https://pkp.sfu.ca/ojs/ojs_download/ | Vendor Advisory |
https://github.com/pkp/pkp-lib/issues/5302 | Third Party Advisory |
Configurations
Information
Published : 2019-12-19 11:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-19909
Mitre link : CVE-2019-19909
JSON object : View
CWE
Products Affected
sfu
- open_journal_system