Description
The downloadable 2.8.5 and 2.8.6 versions of OpenX contain a vulnerability that can result in the compromise of a server running the downloaded version. A remote attacker could exploit this vulnerability to upload and execute files on the system. To test this vulnerability, Acunetix created a file named testing_test on the server. You will need to delete this file.
Remediation
It is recommended to update to OpenX version 2.8.7 or to delete the following file from the OpenX installation: [openx_dir]/www/admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php
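A check an administrator could run against an install tree to confirm and apply the file removal described above, added here as an example (it is not Acunetix or OpenX code). The function name `audit_openx` and the `--fix` switch are hypothetical, and searching the whole tree for `testing_test` is an assumption, because the page does not say where the scanner writes that file.

```shell
#!/bin/sh
# Added example: audit an OpenX install for the upload script named in the
# remediation and for the scanner's leftover test file.

# Path from the page, relative to [openx_dir].
OFC_REL="www/admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php"
# File name the page says the scanner creates; its location is not given.
MARKER_NAME="testing_test"

# audit_openx DIR [--fix]   (hypothetical helper)
# Returns 0 when nothing is left to clean up, 1 when the upload script or a
# marker file is still present, 2 when DIR is not a directory.
audit_openx() {
    dir=$1
    fix=${2:-}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    target="$dir/$OFC_REL"
    if [ -e "$target" ]; then
        echo "upload script present: $target"
        if [ "$fix" = "--fix" ]; then rm -f -- "$target"; fi
    fi

    # Assumption: the marker sits somewhere under the install tree.
    # List matches with their timestamps before touching them.
    find "$dir" -type f -name "$MARKER_NAME" -exec ls -l {} +
    if [ "$fix" = "--fix" ]; then
        find "$dir" -type f -name "$MARKER_NAME" -exec rm -f -- {} +
    fi

    # Re-check after any removal so the status reflects the final state.
    remaining=$(( $(find "$dir" -type f -name "$MARKER_NAME" | wc -l) ))
    [ -e "$target" ] && remaining=$((remaining + 1))
    [ "$remaining" -eq 0 ] || return 1
    return 0
}

# Run directly as: sh audit_openx.sh /path/to/openx [--fix]
[ "$#" -eq 0 ] || audit_openx "$@"
```

Without `--fix` the function only reports, so it can be run first to see what would be removed.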