This host is running Piwik and is prone to PHP Code Execution vulnerability.

Successful exploitation will let the remote attackers execute malicious PHP code to compromise the remote machine running the vulnerable application. Impact Level: Application

Upgrade Piwik to 0.4.4 or higher version, http://piwik.org/ and for Open Flash Chart, For Open Flash Chart, No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

This flaw is due to improper validatin of data passed into 'name' and 'HTTP_RAW_POST_DATA' parameters in ofc_upload_image.php which can be exploited to create php files containing malicious php code.

Open Flash Chart version 2 Beta 1 through 2.x Piwik version 0.2.35 through 0.4.3 on all platforms.

• http://packetstormsecurity.org/0910-exploits/piwik-upload.txt
• http://secunia.com/advisories/37078
• http://www.openwall.com/lists/oss-security/2009/12/14/1

---

Updated on 2015-03-25