CVE-2019-19909

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.

pkp/pkp-lib
pkp/pkp-lib
The library used by PKP's applications OJS, OMP and OPS, open source software for scholarly publishing.
GitHubGitHub
344