Openads 2.4.2 vulnerability fixed

2008.02.06
Credit: Tanatik
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS base score: 7.5/10
Impact subscore: 6.4/10
Exploitability subscore: 10/10
Access required: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

========================================================================
Openads security advisory OPENADS-SA-2008-001
------------------------------------------------------------------------
Advisory ID: OPENADS-SA-2008-001
Date: 2008-Feb-04
Security risk: Critical
Applications affected: Openads
Versions affected: 2.4.0 <= x <= 2.4.2
Versions not affected: >= 2.4.3
========================================================================

========================================================================
Vulnerability: Remote PHP code injection and execution
========================================================================

Description
-----------
A remote PHP code injection and execution vulnerability has recently
been found. The vulnerability affects the delivery engine, which does
not require any kind of authentication. An attacker could exploit it to
execute arbitrary PHP code.

Solution
--------
- Upgrade to Openads 2.4.3

Credits
-------
- Reporter: Tanatik

Contact information
===================
The security contact for Openads can be reached at:
<security AT openads DOT org>

Best regards
--
Matteo Beccati
http://www.openads.org

