CVSS: 8.8EPSS: 97%CPEs: 11EXPL: 10CVE-2009-4140 – Various Affected Software (Various Versions) - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2009-4140
21 Oct 2009 — Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upl... • https://packetstorm.news/files/id/123783 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1085
https://notcve.org/view.php?id=CVE-2009-1085
25 Mar 2009 — Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh. Piwik v0.2.32 y anterioes almacenan información sensible bajo en directorio raíz Web con control de acceso insuficiente, lo que permite a atacantes remotos conseguir la clave API y otra información sensible a través de una petición directa de misc/cron/archive.sh. • http://dev.piwik.org/trac/ticket/599 • CWE-264: Permissions, Privileges, and Access Controls •