CVE-2024-56525

N/A

In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin.

N/A

N/A

Public Knowledge Project Platform OJS/OMP/OPS 安全漏洞

Public Knowledge Project Platform OJS/OMP/OPS（PKP Platform OJS/OMP/OPS）是Public Knowledge Project公司的一个开源出版平台。 Public Knowledge Project Platform OJS/OMP/OPS 3.3.0.21之前版本和3.4.x至3.4.0.8之前版本存在安全漏洞，该漏洞源于XXE攻击，可能允许通过上传特制XML文档作为用户XML插件在期刊环境中创建超级管理员角色并插入后门插件。

N/A

N/A