Jeff - 2011-12-31

Hello,

Please see http://forums.cnet.com/7726-6132_102-5078545.html and http://packetstormsecurity.org/files/98311/sa43248.txt.  php-ofc-library/ofc_upload_image.php allows malicious people to upload an arbitrary file to compromise the server.  Hackers were able to compromise one of my sites with civiCRM (which packages OpenFlashChart), using this vulnerability.

I would be willing to work on a patch, but I am not familiar with OpenFlashChart, or the purpose of ofc_upload_image.php.  Would you be able to offer any guidance?

Thanks!