CVE-2009-4140

Опубликовано: 22 дек. 2009

Источник: nvd

CVSS2: 7.5

EPSS Критический

Описание

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:gamera:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:hyperion:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:ichor:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr-2:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:kvasir:*:*:*:*:*:*

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:lug_wyrm_charmer:*:*:*:*:*:*

Одно из

cpe:2.3:a:matomo:matomo:0.2.37:*:*:*:*:*:*:*

cpe:2.3:a:matomo:matomo:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:matomo:matomo:0.4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91085

Критический

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2009-4140

debian

около 16 лет назад

Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...

GHSA-x396-wp63-mv42

github

почти 4 года назад