Detections
Analytics

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

high Nessus Plugin ID 49271

Language:

Synopsis

A PHP application hosted on the remote web server allows uploading arbitrary files.

Description

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory.

While Nessus has not verified this, it is likely that an attacker could exploit this to upload a script with, say, PHP code and then browse to that file, causing arbitrary code to be executed on the remote system subject to the privileges of the web server user id.

Solution

Either remove the 'ofc_upload_image.php' script in 'admin/plugins/videoReport/lib/ofc2' or upgrade to version 2.8.7 or later.

See Also

http://www.nessus.org/u?e959029c

http://blog.sucuri.net/2010/09/openx-users-time-to-upgrade.html

http://blog.openx.org/09/security-update/

Plugin Details

Severity: High

ID: 49271

File Name: openx_ofc_upload_image.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 9/17/2010

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP, www/openx

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 9/14/2010

Vulnerability Publication Date: 10/19/2009

Exploitable With

Metasploit (OpenEMR PHP File Upload Vulnerability)

Elliot (OpenX 2.8.6 File Upload)

Reference Information

CVE: CVE-2009-4140

BID: 37314