製品・ソフトウェアに関する情報

JVN脆弱性詳細

Piwik などの製品で使用される Open Flash Chart Lug Wyrm Charmer における任意のコードを実行される脆弱性

Title	Piwik などの製品で使用される Open Flash Chart Lug Wyrm Charmer における任意のコードを実行される脆弱性
Summary	Piwik、Woopra Analytics プラグインなどの製品で使用されている Open Flash Chart Lug Wyrm Charmer の ofc_upload_image.php は、register_globals が有効になっている際、無制限にファイルをアップロードする不備があるため、任意のコードを実行される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、HTTP_RAW_POST_DATA パラメータ内のコードを伴う name パラメータを経由する実行可能な拡張子を伴うファイルをアップロードされ、アクセスされることで、tmp-upload-images/ の配下のファイルへの直接リクエストを介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 21, 2009, midnight
Registration Date	Dec. 20, 2012, 7:28 p.m.
Last Update	Dec. 20, 2012, 7:28 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

Piwik

Piwik 0.2.35 から 0.4.3

teethgrinder.co.uk

open flash chart v2 Beta 1 から v2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-4140	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140
National Vulnerability Database (NVD)
2	CVE-2009-4140	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4140

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Piwik
1	SA37078	http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/
teethgrinder.co.uk
2	Top page	http://teethgrinder.co.uk/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-4140

Summary	Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
Summary	Una vulnerabilidad de carga de archivos sin restricciones en el archivo ofc_upload_image.php en Open Flash Chart versión v2 Beta 1 hasta v2 Lug Wyrm Charmer, tal como es usado en Piwik versiones 0.2.35 hasta 0.4.3, Plugin Woopra Analytics anterior a versión 1.4.3.2, y posiblemente otros productos, cuando register_globals está habilitado, permite a los usuarios autenticados remotos ejecutar código arbitrario mediante la carga de un archivo con una extensión ejecutable por medio del parámetro name con el código en el parámetro HTTP_RAW_POST_DATA, a continuación, acceder a él por medio de una petición directa al archivo en tmp-upload-images/
Publication Date	Dec. 23, 2009, 7:30 a.m.
Registration Date	Jan. 29, 2021, 1:26 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:beta_1::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:gamera::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:hyperion::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:ichor::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr-2::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:kvasir::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:lug_wyrm_charmer::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:matomo:matomo:0.2.37:::::::*
cpe:2.3:a:matomo:matomo:0.4.2:::::::*
cpe:2.3:a:matomo:matomo:0.4.3:::::::*

Related information, measures and tools

No	URL	refsource
1	http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txt	secalert@redhat.com
2	http://packetstormsecurity.com/files/123494/wpslimstatex-exec.txt	secalert@redhat.com
3	http://packetstormsecurity.org/0910-exploits/piwik-upload.txt	secalert@redhat.com
4	http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/	secalert@redhat.com
5	http://secunia.com/advisories/37078	secalert@redhat.com
6	http://secunia.com/advisories/37911	secalert@redhat.com
7	http://secunia.com/advisories/55160	secalert@redhat.com
8	http://secunia.com/advisories/55162	secalert@redhat.com
9	http://wordpress.org/extend/plugins/woopra/changelog/	secalert@redhat.com
10	http://www.exploit-db.com/exploits/24969	secalert@redhat.com
11	http://www.openwall.com/lists/oss-security/2009/12/14/1	secalert@redhat.com
12	http://www.openwall.com/lists/oss-security/2009/12/14/3	secalert@redhat.com
13	http://www.osvdb.org/59051	secalert@redhat.com
14	http://www.securityfocus.com/bid/37314	secalert@redhat.com
15	http://www.vupen.com/english/advisories/2009/2966	secalert@redhat.com
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/53825	secalert@redhat.com
17	http://packetstormsecurity.com/files/123493/wpseowatcher-exec.txt	af854a3a-2127-422b-91ae-364da2661108
18	http://packetstormsecurity.com/files/123494/wpslimstatex-exec.txt	af854a3a-2127-422b-91ae-364da2661108
19	http://packetstormsecurity.org/0910-exploits/piwik-upload.txt	af854a3a-2127-422b-91ae-364da2661108
20	http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/	af854a3a-2127-422b-91ae-364da2661108
21	http://secunia.com/advisories/37078	af854a3a-2127-422b-91ae-364da2661108
22	http://secunia.com/advisories/37911	af854a3a-2127-422b-91ae-364da2661108
23	http://secunia.com/advisories/55160	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/55162	af854a3a-2127-422b-91ae-364da2661108
25	http://wordpress.org/extend/plugins/woopra/changelog/	af854a3a-2127-422b-91ae-364da2661108
26	http://www.exploit-db.com/exploits/24969	af854a3a-2127-422b-91ae-364da2661108
27	http://www.openwall.com/lists/oss-security/2009/12/14/1	af854a3a-2127-422b-91ae-364da2661108
28	http://www.openwall.com/lists/oss-security/2009/12/14/3	af854a3a-2127-422b-91ae-364da2661108
29	http://www.osvdb.org/59051	af854a3a-2127-422b-91ae-364da2661108
30	http://www.securityfocus.com/bid/37314	af854a3a-2127-422b-91ae-364da2661108
31	http://www.vupen.com/english/advisories/2009/2966	af854a3a-2127-422b-91ae-364da2661108
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/53825	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:beta_1::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:gamera::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:hyperion::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:ichor::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:j_rmungandr-2::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:kvasir::::::
cpe:2.3:a:teethgrinder.co.uk:open_flash_chart:2.0:lug_wyrm_charmer::::::