Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-12-22T22:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2009-12-01T00:00:00
Link: CVE-2009-4140
JSON object: View
NVD Information
Status : Modified
Published: 2009-12-22T22:30:00.530
Modified: 2019-11-21T13:29:49.017
Link: CVE-2009-4140
JSON object: View
Redhat Information
No data.
CWE