HTTP: OpenX Banner-edit.php File Upload PHP Code Execution
This signature detects attempts to exploit a known vulnerability in the OpenX. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process.
Extended Description
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
Affected Products
Openx openx
Short Name
HTTP:PHP:OPENX-PHP-CE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Banner-edit.php CVE-2009-4098 Code Execution File OpenX PHP Upload bid:37110
Release Date
11/29/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Openx
CVSS Score
6.0