Lucene search
K

CVE-2009-4098

🗓️ 28 Nov 2009 11:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

Unrestricted file upload vulnerability in OpenX adserver 2.8.1 and earlier

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Tenable Nessus
OpenX < 2.8.2 Arbitrary File Upload
25 Nov 200900:00
nessus
Circl
CVE-2009-4098
20 Sep 201000:00
circl
Cvelist
CVE-2009-4098
28 Nov 200911:00
cvelist
Exploit DB
OpenX - &#039;banner-edit.php&#039; Arbitrary File Upload / PHP Code Execution (Metasploit)
20 Sep 201000:00
exploitdb
Metasploit
OpenX banner-edit.php File Upload PHP Code Execution
8 May 201003:07
metasploit
NVD
CVE-2009-4098
29 Nov 200913:08
nvd
OpenVAS
OpenX Arbitrary File Upload Vulnerability
25 Nov 200900:00
openvas
OpenVAS
OpenX Arbitrary File Upload Vulnerability
25 Nov 200900:00
openvas
Packet Storm
OpenX banner-edit.php File Upload PHP Code Execution
8 May 201000:00
packetstorm
Prion
Unrestricted file upload
29 Nov 200913:08
prion
Rows per page
NVD
Node
openxopenxRange2.8.1
OR
openxopenxMatch2.4
OR
openxopenxMatch2.6.1
OR
openxopenxMatch2.6.3
OR
openxopenxMatch2.8
ParameterPositionPathDescriptionCWE
_qf__bannerFormrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
clientidrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
campaignidrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
banneridrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
typerequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
statusrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
MAX_FILE_SIZErequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
replaceimagerequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
replacealtimagerequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
descriptionrequest bodyadmin/banner-edit.phpOpenX banner-edit.php file upload endpoint used to upload a PHP payload disguised as a banner image; leads to code execution when PHP file is accessed.CWE-20
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jun 2026 23:13Current
7.3High risk
Vulners AI Score7.3
CVSS 26
EPSS0.18676
45