Back to search
CVE-2012-2316
Published: Sep 9, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
mailing-list
x_refsource_MLIST
[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
mailing-list
x_refsource_MLIST
http://openkm.svn.sourceforge.net/viewvc/openkm?view=revision&revision=7406
x_refsource_CONFIRM
[oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
mailing-list
x_refsource_MLIST
47420
third-party-advisory
x_refsource_SECUNIA
http://wiki.openkm.com/index.php/Changelog
x_refsource_CONFIRM
20120103 OpenKM 5.1.7 OS Command Execution (XSRF based)
mailing-list
x_refsource_BUGTRAQ
78106
vdb-entry
x_refsource_OSVDB
[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
mailing-list
x_refsource_MLIST
[oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now