Openads 2.4.2 vulnerability fixed

2008.02.06
Credit: Tanatik
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

======================================================================== Openads security advisory OPENADS-SA-2008-001 ------------------------------------------------------------------------ Advisory ID: OPENADS-SA-2008-001 Date: 2008-Feb-04 Security risk: Critical Applications affetced: Openads Versions affected: 2.4.0 <= x <= 2.4.2 Versions not affected: >= 2.4.3 ======================================================================== ======================================================================== Vulnerability: Remote PHP code injection and execution ======================================================================== Description ----------- A remote PHP code injection and execution vulnerability has recently been found. The vulnerability affects the delivery engine, which does not require any kind of authentication. An attacker could exploit it to execute arbitrary PHP code. Solution -------- - Upgrade to Openads 2.4.3 Credits ------- - Reporter: Tanatik Contact informations ==================== The security contact for Openads can be reached at: <security AT openads DOT org> Best regards -- Matteo Beccati http://www.openads.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top