Year-old vulnerability endangers OpenX ad server

A critical security flaw in current and older versions of the popular open source OpenX ad server allows attackers to remotely compromise a server. A few reports (German language link) even discuss successful attacks on OpenX servers in which the vulnerability was exploited.

The problem stems from a third-party component, integrated in OpenX’s video plug-in, that allows images to be uploaded. The “Open Flash Chart 2” module (ofc_upload_image.php) was introduced in December 2009, and it apparently doesn’t check who is uploading what to the server. As a result, executable scripts can be saved and then run on the server.
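For operators who want to check whether the upload script has been requested on their own server, here is an added example (not from the article or from OpenX) that scans web access logs for requests to ofc_upload_image.php. It assumes the Apache/nginx "combined" log format; the function name, sample lines, paths and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Script name taken from the article; everything else is an assumption.
UPLOAD_SCRIPT = "ofc_upload_image.php"

# "combined" access-log format (assumed; adjust to your server's LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:01:02 +0000] "GET /adserver/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2011:10:02:00 +0000] "POST /adserver/PLACEHOLDER/ofc_upload_image.php?a=b HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.7 - - [01/Jan/2011:10:02:05 +0000] "GET /adserver/PLACEHOLDER/%6Ffc_upload_image.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.5 - - [01/Jan/2011:10:03:00 +0000] "POST /adserver/PLACEHOLDER/ofc_upload_image.php HTTP/1.1" 403 199 "-" "-"',
]

def find_upload_hits(lines):
    """Return {client_ip: [(timestamp, method, status, accepted), ...]}.

    'accepted' is True when the request was a POST answered with a 2xx
    status, i.e. the server processed an upload request instead of
    rejecting it. Those entries deserve a look at the file system.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line or a different log format
        # Drop the query string, decode percent-encoding and lower-case the
        # path so encoded or mixed-case spellings of the name still match.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.endswith("/" + UPLOAD_SCRIPT):
            continue
        status = int(m["status"])
        accepted = m["method"] == "POST" and 200 <= status < 300
        hits[m["ip"]].append((m["ts"], m["method"], status, accepted))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_upload_hits(SAMPLE_LOG).items():
        for ts, method, status, accepted in events:
            flag = "REVIEW" if accepted else "info"
            print(f"[{flag}] {ip} {ts} {method} -> {status}")
```

On a real server, pass an open log file to `find_upload_hits` instead of `SAMPLE_LOG`; any hit on a host that should not expose the module is worth following up even when the status is not 2xx.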

Read more at H-online
