CVE-2009-4140 - Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through

CVE-2009-4140

Summary

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

References

Vulnerable Configurations

cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:gamera:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:gamera:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:hyperion:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:hyperion:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:ichor:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:ichor:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr-2:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr-2:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:kvasir:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:kvasir:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:lug_wyrm_charmer:*:*:*:*:*:*
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:lug_wyrm_charmer:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.2.37:*:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.2.37:*:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:matomo:matomo:0.4.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 21-11-2019 - 13:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

d2sec via4

name OpenX 2.8.6 File Upload
url http://www.d2sec.com/exploits/openx_2.8.6_file_upload.html
name Piwik 0.4.3 File Upload
url http://www.d2sec.com/exploits/piwik_0.4.3_file_upload.html
name ZonPHP 2.25 File Upload
url http://www.d2sec.com/exploits/zonphp_2.25_file_upload.html

refmap via4

bid	37314
confirm	http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/ http://wordpress.org/extend/plugins/woopra/changelog/
exploit-db	24969
misc	http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txt http://packetstormsecurity.com/files/123494/wpslimstatex-exec.txt http://packetstormsecurity.org/0910-exploits/piwik-upload.txt
mlist	[oss-security] 20091214 CVE Request - Open Flash Chart v2 [oss-security] 20091214 Re: CVE Request - Open Flash Chart v2
osvdb	59051
secunia	37078 37911 55160 55162
vupen	ADV-2009-2966
xf	piwik-ofcuploadimage-code-execution(53825)

Last major update

21-11-2019 - 13:29

Published

22-12-2009 - 22:30

Last modified

21-11-2019 - 13:29