cleantalk
Vulnerabilities and Security Researches

open-flash-chart-core, CVE-2009-4140

CVE, Research URL

CVE-2009-4140

Home page URL

Security reports for open-flash-chart-core

Application

open-flash-chart-core

Published on
Dec 23, 2009
Research Description
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
Affected versions
Min -, max 0.5.
Status
vulnerable
Previous vulnerability researches
Formidable – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Formidable PRO2PDF (9edf05f0daa525bd6ee144e3e02d24e0339516f5) , Jun 07, 2024
Formidable PRO2PDF (CVE-2023-28663) , Jun 10, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2021-24884) , Jun 07, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2019-15780) , Jun 07, 2024
New vulnerability
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-6462) , Jul 01, 2025
Related Products Manager for WooCommerce (CVE-2025-50045) , Jul 01, 2025
web-cam (CVE-2025-6540) , Jul 01, 2025
WPShapere Lite (CVE-2025-53317) , Jul 01, 2025
WP Edit (CVE-2025-53253) , Jul 01, 2025