NVD

Id
51286  
Name
CVE-2009-4140  
Description
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-12-22  
Modified Date
2013-12-12  
Seq
2009-4140  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
260138 51286 CVE-2009-4140 http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txt  View
260139 51286 CVE-2009-4140 http://packetstormsecurity.com/files/123494/wpslimstatex-exec.txt  View
260140 51286 CVE-2009-4140 http://packetstormsecurity.org/0910-exploits/piwik-upload.txt  View
260141 51286 CVE-2009-4140 http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/  View
260142 51286 CVE-2009-4140 http://wordpress.org/extend/plugins/woopra/changelog/  View
260143 51286 CVE-2009-4140 24969  View
260144 51286 CVE-2009-4140 [oss-security] 20091214 CVE Request - Open Flash Chart v2  View
260145 51286 CVE-2009-4140 [oss-security] 20091214 Re: CVE Request - Open Flash Chart v2  View
260146 51286 CVE-2009-4140 37314  View
260147 51286 CVE-2009-4140 ADV-2009-2966  View
260148 51286 CVE-2009-4140 piwik-ofcuploadimage-code-execution(53825)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
45492 JVNDB-2009-006499 Piwik などの製品で使用される Open Flash Chart Lug Wyrm Charmer における任意のコードを実行される脆弱性 Piwik、Woopra Analytics プラグインなどの製品で使用されている Open Flash Chart Lug Wyrm Charmer の ofc_upload_image.php は、register_globals が有効になっている際、無制限にファイルをアップロードする不備があるため、任意のコードを実行される脆弱性が存在します。 CVE-2009-4140 41571 CVE-2009-4140 51286 7.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006499.html 2009-10-21 2012-12-20 View