CVE-2009-4140
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
Affected products
n/a · n/apublic PoCs found — 10
cve_referencepacketstormsecurity.com/files/123493/wpseowatcher-exec.txtunverifiedcve_referencepacketstormsecurity.com/files/123494/wpslimstatex-exec.txtunverifiedcve_referencepacketstormsecurity.org/0910-exploits/piwik-upload.txtunverifiedcve_referencewww.exploit-db.com/exploits/24969unverifiedexploitdbwww.exploit-db.com/exploits/29210unverifiedexploitdbwww.exploit-db.com/exploits/24529unverifiedexploitdbwww.exploit-db.com/exploits/24969unverifiedexploitdbwww.exploit-db.com/exploits/24492unverifiedexploitdbwww.exploit-db.com/exploits/10532unverifiedexploitdbwww.exploit-db.com/exploits/29091unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txthttp://packetstormsecurity.com/files/123494/wpslimstatex-exec.txthttp://packetstormsecurity.org/0910-exploits/piwik-upload.txthttp://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/http://secunia.com/advisories/37078http://secunia.com/advisories/37911http://secunia.com/advisories/55160http://secunia.com/advisories/55162https://exchange.xforce.ibmcloud.com/vulnerabilities/53825http://wordpress.org/extend/plugins/woopra/changelog/http://www.exploit-db.com/exploits/24969http://www.openwall.com/lists/oss-security/2009/12/14/1