OpenX Remote Code Execution Exploit

The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.
Exploit type: 
Vulnerabilty ID: 
CVE-2009-4098
Product Version: 
10.0
Released Date: 
Friday, March 5, 2010 - 00:00