PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.
CVE ID: CVE-2023-47271
CVSS Base Severity: LOW
CVSS Base Score: 0.0
Vendor: n/a
Product: n/a
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 36.69% (share of scored vulnerabilities with an equal or lower EPSS score)
EPSS Date: 2025-02-03 (date this score was calculated)