vendor:
Open Flash Chart
by:
Braeden Thomas
7.5
CVSS
HIGH
Input Validation Error
20
CWE
Product Name: Open Flash Chart
Affected Version From: Piwik Piwik 0.4.3
Affected Version To: Open Flash Chart 2.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Bugtraq ID: 37314
Open Flash Chart is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to execute unintended commands.