openx -- remote code execution vulnerability

ID 80B6D6CC-C970-11DF-BB18-0015587E2CC1
Type freebsd
Reporter FreeBSD
Modified 2010-09-14T00:00:00


The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.