CVE-2009-4098

Sažetak

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

Reference

http://osvdb.org/60499
http://secunia.com/advisories/37475
http://www.openx.org/docs/2.8/release-notes/openx-2.8.2
http://www.securityfocus.com/archive/1/508050/100/0/threaded
http://www.securityfocus.com/bid/37110
https://developer.openx.org/jira/browse/OX-5747
https://exchange.xforce.ibmcloud.com/vulnerabilities/54394

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:48

Objavljeno

29-11-2009 - 13:08