3 matches found
Open Flash Chart 2 Arbitrary File Upload Vulnerability
This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: http//metasploit.com/download Current source:...
OpenEMR PHP File Upload Vulnerability
This module exploits a vulnerability found in OpenEMR 4.1.1 By abusing the ofcuploadimage.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been test...
Piwik ofc_upload_image.php远程PHP代码执行漏洞
BUGTRAQ ID: 37314 CVECAN ID: CVE-2009-4140 Piwik是一款利用Php+MySQL技术构建的开源网页访问统计系统。 Piwik中使用了open-flash-chart模块执行制表操作,该模块没有正确的过滤提交给ofcuploadimage.php文件的name和HTTPRAWPOSTDATA参数便用于创建文件: ? $defaultpath = '../tmp-upload-images/'; if !fileexists$defaultpath mkdir$defaultpath, 0777, true; $destination =...