CVE-2009-4098

Published Nov 29, 2009

Last updated 6 years ago

Overview

Description: Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6969C05-6A0C-402D-9457-E519F56912F1",
            "versionEndIncluding": "2.8.1"
          },
          {
            "criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374"
          },
          {
            "criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845"
          },
          {
            "criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16"
          },
          {
            "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References