Short Name |
HTTP:PHP:OPENX-PHP-CE |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
OpenX Banner-edit.php File Upload PHP Code Execution |
Release Date |
2016/11/29 |
Update Number |
2807 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the OpenX. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process.
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.