FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openx -- remote code execution vulnerability

Affected packages
openx < 2.8.7


VuXML ID 80b6d6cc-c970-11df-bb18-0015587e2cc1
Discovery 2010-09-14
Entry 2010-09-26

The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.