[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed

2008-02-05T00:00:00
ID SECURITYVULNS:DOC:19003
Type securityvulns
Reporter Securityvulns
Modified 2008-02-05T00:00:00

Description

======================================================================== Openads security advisory OPENADS-SA-2008-001


Advisory ID: OPENADS-SA-2008-001 Date: 2008-Feb-04 Security risk: Critical Applications affetced: Openads Versions affected: 2.4.0 <= x <= 2.4.2 Versions not affected: >= 2.4.3 ========================================================================

======================================================================== Vulnerability: Remote PHP code injection and execution ========================================================================

Description

A remote PHP code injection and execution vulnerability has recently been found. The vulnerability affects the delivery engine, which does not require any kind of authentication. An attacker could exploit it to execute arbitrary PHP code.

Solution

  • Upgrade to Openads 2.4.3

Credits

  • Reporter: Tanatik

Contact informations

The security contact for Openads can be reached at: <security AT openads DOT org>

Best regards

Matteo Beccati http://www.openads.org