oss-sec mailing list archives

CVE Request - Open Flash Chart v2

From: Anthon Pang <anthon.pang () gmail com>
Date: Mon, 14 Dec 2009 11:58:30 -0500

The Piwik project released an advisory re: the inclusion of
ofc_upload_image.php -- a potentially exploitable file from the
php-ofc-library offered by the Open Flash Chart project.

- http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/

Since Open Flash Chart is used by web sites and open source projects,
a common CVE makes sense.

Open Flash Chart:  Affected v2 Beta 1 through v2 Lug Wyrm Charmer.  Fixed: no
Piwki:  Affected: 0.2.35 through 0.4.3.  Fixed in 0.4.4.  (Removed file)
Open Web Analytics:  Affected: 1.2.  Fixed in svn.  (Removed file)

Other web sites/projects:
- http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik
- http://www.google.com/codesearch?q=ofc_upload_image.php

Current thread:

CVE Request - Open Flash Chart v2 Anthon Pang (Dec 14)
- <Possible follow-ups>
- Re: CVE Request - Open Flash Chart v2 Josh Bressers (Dec 14)