CVE-2009-4098

OpenX adserver <2.8.1 - RCE

Title source: llm

Description

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/16903

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by jduck · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openx_banner_edit.rb

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/37475

[Vendor Advisory] http://www.openx.org/docs/2.8/release-notes/openx-2.8.2

[Various Sources] https://developer.openx.org/jira/browse/OX-5747

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/508050/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37110

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54394

[Third Party Advisory, VDB Entry] http://osvdb.org/60499

Scores

EPSS 0.5058

EPSS Percentile 97.9%

Details

CWE

CWE-20

Status published

Products (5)

openx/openx 2.4

openx/openx 2.6.1

openx/openx 2.6.3

openx/openx 2.8

openx/openx < 2.8.1

Published Nov 29, 2009

Tracked Since Feb 18, 2026