QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4140

Published: Dec 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

http://packetstormsecurity.com/files/123494/wpslimstatex-exec.txt

x_refsource_MISC

[oss-security] 20091214 Re: CVE Request - Open Flash Chart v2

mailing-list

x_refsource_MLIST

[oss-security] 20091214 CVE Request - Open Flash Chart v2

mailing-list

x_refsource_MLIST

piwik-ofcuploadimage-code-execution(53825)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://wordpress.org/extend/plugins/woopra/changelog/

x_refsource_CONFIRM

http://packetstormsecurity.org/0910-exploits/piwik-upload.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SECUNIA

http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.