Description

There is a vulnerability in the 2.8.5, 2.8.6 downloadable versions of OpenX that can result in a server running the downloaded version of OpenX being compromised. A remote attacker could use this functionality to upload and execute executable files on the system. To test this vulnerability, Acunetix created a file named testing_test on the server. You will need to delete this file.

Remediation

It is recommended to update to OpenX version 2.8.7 or to delete the following file from the OpenX installation [openx_dir]/www/admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php

References

Related Vulnerabilities