  1. CiviCRM
  2. CRM-11330

Remove Open Flash Chart from packages, to prevent hacking via remote PHP code execution

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.1.6, 4.2.6
    • Fix Version/s: 4.2.7, 4.3.0
    • Component/s: None
    • Labels:

      Description

      My Drupal site was recently hacked, using the 'ofc_upload_image.php' file's uncorrected vulnerability to remote PHP code execution.

      I suggest that Open Flash Chart be removed from CiviCRM's default packages until it is fixed.

      For more details, see: http://www.cvedetails.com/cve/CVE-2009-4140/ or http://www.securityfocus.com/bid/37314/info


            People

            • Assignee:
              lobo Donald A. Lobo
              Reporter:
              adellefrank Adelle Frank