QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5954

Published: Apr 25, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/125735

x_refsource_MISC

20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_BID

20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.revive-adserver.com/security/revive-sa-2014-001/

x_refsource_CONFIRM

openx-cve20135954-csrf(91889)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.