CVE-2012-1467

Description

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

References

http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS