- Description
- Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6969C05-6A0C-402D-9457-E519F56912F1",
"versionEndIncluding": "2.8.1"
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374"
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845"
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16"
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6"
}
],
"operator": "OR"
}
]
}
]