Cross-Site Request Forgery Vulnerability in OpenKM by OpenKM
CVE-2012-2316
Currently unrated
What is CVE-2012-2316?
A cross-site request forgery (CSRF) vulnerability exists in the AuthServlet of OpenKM, affecting version 5.1.7 and earlier releases. The flaw allows an attacker to hijack an administrator's authentication, potentially leading to unauthorized execution of commands via forged requests to the admin/scripting.jsp endpoint. Because it permits remote execution of arbitrary code, affected installations need immediate attention.
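For defenders reviewing an affected installation, the added example below (not part of the original advisory and not OpenKM code) scans web access logs for requests to admin/scripting.jsp whose Referer is missing or points to another site, which is the trace a forged cross-site request typically leaves. The combined log format, the host name kms.example.internal, the /OpenKM context path and the sample log lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: host name(s) administrators use to reach OpenKM (constructed).
TRUSTED_HOSTS = {"kms.example.internal"}
SENSITIVE_SUFFIX = "/admin/scripting.jsp"  # endpoint named in the advisory

# Assumption: access log written in the common "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return None for irrelevant lines, else (verdict, detail)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string and any ";jsessionid=..." path parameter.
    path = urlsplit(m["target"]).path.split(";")[0]
    if not path.endswith(SENSITIVE_SUFFIX):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return ("review", "no Referer")  # stripped Referer: needs a human look
    host = urlsplit(referer).hostname or ""
    if host in TRUSTED_HOSTS:
        return ("same-site", host)
    return ("cross-site", host)  # request was triggered from a foreign page

def scan(lines):
    """Return (line_number, verdict, detail) for every non-same-site hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        result = classify(line.rstrip("\n"))
        if result and result[0] != "same-site":
            hits.append((n, *result))
    return hits

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Mar/2012:10:01:02 +0000] "GET /OpenKM/admin/scripting.jsp HTTP/1.1" 200 5120 "http://kms.example.internal/OpenKM/admin/home.jsp" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2012:10:07:41 +0000] "POST /OpenKM/admin/scripting.jsp HTTP/1.1" 200 812 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2012:10:09:00 +0000] "GET /OpenKM/index.jsp HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2012:10:15:30 +0000] "POST /OpenKM/admin/scripting.jsp;jsessionid=ABC123 HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "cross-site" hit is a strong signal; a "review" hit only means the browser or a proxy removed the Referer, so it should be correlated with what the administrator was doing at that time.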
