CVE-2011-5196

Name of the Vulnerable Software and Affected Versions Public Knowledge Project Open Journal Systems versions 2.3.6 and earlier

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for requests that upload PHP files, specifically targeting the index/manager/fileUpload endpoint.

Recommendations For Public Knowledge Project Open Journal Systems versions 2.3.6 and earlier, update to a version later than 2.3.6 to resolve the issue. As a temporary workaround, consider restricting access to the index/manager/fileUpload endpoint to minimize the risk of exploitation.