Showing 1 - 1 of 1

CVE-2009-4140

Status Candidate

Overview

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

Related Files

Open Flash Chart 2 Arbitrary File Upload: Posted Oct 26, 2013; Authored by Braeden Thomas | Site metasploit.com; This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file in order to upload and execute malicious PHP files.; tags | exploit, php, file upload; advisories | CVE-2009-4140, OSVDB-59051; SHA-256 | b8a492ec3d568f27f3072ee7a134a2a0e51461ff46fb4b93914e0b100f645e82; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
indoushka 182 files
Ubuntu 93 files
Gentoo 32 files
Debian 18 files
Matthias Deeg 11 files
Chris Beiter 11 files
Frederik Beimgraben 11 files
Apple 10 files
malvuln 8 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,135)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,421)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,899)
UNIX (9,465)
UnixWare (188)
Windows (6,782)
Other

CVE-2009-4140

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems