CVE-2013-5954

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*
cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*

Information

Published : 2014-04-25 07:15

Updated : 2018-10-09 12:34


NVD link : CVE-2013-5954

Mitre link : CVE-2013-5954


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

revive-adserver

  • revive_adserver

openx

  • openx