OpenX Remote Code Execution Exploit

The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.
Exploit type: 
Vulnerabilty ID: 
CVE-2009-4098
Released Date: 
Thursday, March 4, 2010 - 18:00