CVE-2009-4098

Name of the Vulnerable Software and Affected Versions OpenX adserver versions 2.8.1 and earlier

Description The issue allows remote authenticated users with banner or file upload permissions to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in an images directory.

Recommendations For OpenX adserver versions 2.8.1 and earlier, consider restricting file upload permissions to prevent unauthorized access, and avoid using executable extensions for uploaded files until a fix is available. As a temporary workaround, consider disabling the file upload feature in banner-edit.php to minimize the risk of exploitation.