Unrated severityNVD Advisory· Published Sep 6, 2012· Updated Apr 29, 2026

CVE-2012-1467

Description

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Affected products

Pkp/Open Journal Systems
cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*
Range: <=2.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.htbridge.com/advisory/HTB23079nvdExploit
pkp.sfu.ca/support/forum/viewtopic.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000