Description

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

Remediation

Delete the file ofc_upload_image.php or apply the patch provided by the vendor.

References

CVE-2009-4140

Related Vulnerabilities

WordPress Plugin wp superb Slideshow Arbitrary File Upload (2.4)

WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)

WordPress Plugin Royal Gallery 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)

WordPress Plugin Matrix Gallery 'upload.php' Arbitrary File Upload (2.1)

Severity

High

Classification

CVE-2009-4140 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation