QwikSec

Security Database

CVE

CWE

Training

CVE-2013-7149

Published: Dec 28, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/

x_refsource_MISC

http://www.revive-adserver.com/security/REVIVE-SA-2013-001/

x_refsource_CONFIRM

20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.