Security vulnerability: ofc_upload_image.php

Jeff
2011-12-31
2013-05-28
  • Jeff
    2011-12-31

    Hello,

    Please see http://forums.cnet.com/7726-6132_102-5078545.html and http://packetstormsecurity.org/files/98311/sa43248.txt. php-ofc-library/ofc_upload_image.php allows malicious people to upload an arbitrary file to compromise the server. Hackers were able to compromise one of my sites with CiviCRM (which packages OpenFlashChart), using this vulnerability.

    I would be willing to work on a patch, but I am not familiar with OpenFlashChart, or the purpose of ofc_upload_image.php. Would you be able to offer any guidance?

    Thanks!