CVE-2009-4140

Various Affected Software (Various Versions) - Arbitrary File Upload

Severity Score (CVSS v3.1): 8.8
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 10
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-10-21 CVE Published
  • 2009-12-01 CVE Reserved
  • 2009-12-17 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-02-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (23)
Affected Vendors, Products, and Versions

Vendor              Product           Version  Other             Status    Used in (Vendor / Product / Versions)
Teethgrinder.co.uk  Open Flash Chart  2.0      beta_1            Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      gamera            Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      hyperion          Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      ichor             Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      j_rmungandr       Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      j_rmungandr-2     Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      kvasir            Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3
Teethgrinder.co.uk  Open Flash Chart  2.0      lug_wyrm_charmer  Affected  Matomo / Matomo / 0.2.37, 0.4.2, 0.4.3