CVE-2009-4140

This exploit targets a remote code injection vulnerability in Joomla's com_civicrm component (CVE-2011-4275). It uploads a malicious PHP file via the ofc_upload_image.php script, which then executes arbitrary commands to fetch and deploy a shell.

This exploit demonstrates a remote code execution (RCE) vulnerability in ZonPHP v2.25 by uploading a malicious PHP file via the 'ofc_upload_image.php' endpoint. The script uses cURL to send a POST request with a PHP payload, which is then accessible on the target server.

The exploit demonstrates a remote code execution vulnerability in Open Flash Chart due to improper input sanitization. The provided URI example shows how arbitrary PHP code can be executed via the 'name' and 'HTTP_RAW_POST_DATA' parameters.

This PHP script exploits an arbitrary file upload vulnerability in OpenEMR 4.1.1 by uploading a malicious PHP script with multiple extensions via the 'name' parameter in '/library/openflashchart/php-ofc-library/ofc_upload_image.php'. It establishes a reverse shell connection to the attacker's machine.

This Metasploit module exploits an unauthenticated file upload vulnerability in OpenEMR 4.1.1 via the `ofc_upload_image.php` script, allowing arbitrary PHP code execution. It uploads a malicious PHP payload to the `tmp-upload-images` directory and executes it.

This Metasploit module exploits an arbitrary file upload vulnerability in Open Flash Chart v2 via the 'ofc_upload_image.php' script, allowing attackers to upload and execute malicious PHP files. The exploit leverages a lack of file extension validation and improper path handling to achieve remote code execution.

This Metasploit module exploits an unauthenticated file upload vulnerability in OpenEMR 4.1.1 via the `ofc_upload_image.php` script, allowing arbitrary PHP code execution. It uploads a malicious PHP payload to the `tmp-upload-images` directory and triggers execution via HTTP request.

This Metasploit module exploits a file upload vulnerability in Open Flash Chart v2 via the 'ofc_upload_image.php' script, allowing arbitrary PHP file upload and execution. The exploit uploads a malicious PHP payload and triggers its execution by accessing the uploaded file.