CVE-2009-4098

OpenX < 2.8.1 - Authenticated Arbitrary File Upload and Remote Code Execution via Banner Edit

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4098. PoCs published by Metasploit, jduck, including Metasploit module exploits/unix/webapp/openx_banner_edit.

AI-analyzed exploit summary This Metasploit module exploits an authenticated file upload vulnerability in OpenX (CVE-2009-4098) to achieve remote code execution by uploading a malicious PHP file disguised as an image. The exploit leverages the application's failure to properly validate file extensions and image content.

Description

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/16903

This Metasploit module exploits an authenticated file upload vulnerability in OpenX (CVE-2009-4098) to achieve remote code execution by uploading a malicious PHP file disguised as an image. The exploit leverages the application's failure to properly validate file extensions and image content.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenX < 2.8.2
Auth required
Prerequisites: Valid OpenX credentials · Existing advertiser and campaign in OpenX
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by jduck · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openx_banner_edit.rb

This Metasploit module exploits an authenticated file upload vulnerability in OpenX (CVE-2009-4098) to achieve remote code execution by uploading a malicious PHP file disguised as an image. The exploit leverages the application's failure to properly validate file extensions and image content.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenX < 2.8.2
Auth required
Prerequisites: Valid OpenX credentials · Existing advertiser and campaign in OpenX
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508050/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.openx.org/docs/2.8/release-notes/openx-2.8.2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37475
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54394
Various Sources x_refsource_misc
https://developer.openx.org/jira/browse/OX-5747
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37110
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60499

Scores

EPSS 0.1868
EPSS Percentile 96.9%

Details

CWE
CWE-20
Status published
Products (5)
openx/openx 2.4
openx/openx 2.6.1
openx/openx 2.6.3
openx/openx 2.8
openx/openx < 2.8.1
Published Nov 29, 2009
Tracked Since Feb 18, 2026