CVE-2012-1468

Name of the Vulnerable Software and Affected Versions Open Journal Systems versions prior to 2.3.7

Description The issue allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory. This can be achieved by using various executable extensions.

Recommendations For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary extensions and limiting access to the submission/original/ directory to minimize the risk of exploitation.