CVE-2011-4275

This exploit demonstrates a remote code execution (RCE) vulnerability in ZonPHP v2.25 by uploading a malicious PHP file via the `ofc_upload_image.php` endpoint. The script uses cURL to send a POST request with a PHP payload, which is then accessible on the target server.

This Metasploit module exploits an unauthenticated file upload vulnerability in OpenEMR 4.1.1 via the `ofc_upload_image.php` script, allowing arbitrary PHP code execution. It uploads a malicious PHP payload to the `tmp-upload-images` directory and triggers it via HTTP request.

This exploit targets a remote code injection vulnerability in Joomla's com_civicrm component (CVE-2011-4275). It uploads a malicious PHP file via the ofc_upload_image.php script, which then executes arbitrary commands to fetch and deploy a shell.

This exploit demonstrates a remote code execution vulnerability in Open Flash Chart due to improper input sanitization. The PoC shows how an attacker can execute arbitrary PHP code by sending a crafted HTTP request with malicious data in the 'name' and 'HTTP_RAW_POST_DATA' parameters.

This Metasploit module exploits an arbitrary file upload vulnerability in Open Flash Chart v2 via the 'ofc_upload_image.php' script, allowing attackers to upload and execute malicious PHP files. The exploit leverages a lack of file extension validation and directory traversal to achieve remote code execution.

This exploit demonstrates an arbitrary file upload vulnerability in OpenEMR 4.1.1 via the 'ofc_upload_image.php' script, allowing remote code execution by uploading a malicious PHP script with multiple extensions. The PoC includes a reverse shell payload for Linux targets.