Description
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
Remediation
Delete the file ofc_upload_image.php or apply the patch provided by the vendor.
References
Related Vulnerabilities
WordPress Plugin Carousel slideshow Arbitrary File Upload (3.11)
WordPress Plugin Zielke Specialized Catalog Arbitrary File Upload (3.0.7)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0920)
WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)
WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)