The vulnerability allows a remote attacker to execute arbitrary SQL commands in the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to the XML-RPC script using the "what" parameter and view, add, modify or delete information in the back-end database.
Successful exploitation may allow an attacker to gain unauthorized access to the vulnerable system.
Note: this vulnerability was being actively exploited.
SQL injection
The vulnerability was discovered and reported to the Revive Adserver team by Florian Sander.
The vulnerability is considered to be connected with attacks on the web site centralpark[.]com and the high-traffic site clipconverter[.]cc.
Software:
Revive Adserver
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The weakness exists due to a compromise of the source code package. A remote attacker can create a specially crafted request with a rot13'd and reversed payload and send it to the target system to execute arbitrary PHP code.
Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Arbitrary PHP code execution
The vulnerability was exploited from November 2012 until August 2013.
Software:
Revive Adserver
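The code-execution entry above says the payload arrived rot13'd and reversed. As an added example (not taken from the advisory or from the Revive Adserver project), this Python script undoes both transforms on every query-string value in an access log and flags values that decode to PHP calls. The log lines, path and parameter names are constructed, and the list of PHP function names is an assumption.

```python
import codecs
import re
from urllib.parse import parse_qsl, urlsplit

# PHP calls that have no business inside a query-string value (assumed list).
PHP_CALL = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|popen|proc_open|"
    r"base64_decode|file_put_contents|phpinfo)\s*\(", re.IGNORECASE)

# Client address and request target from a combined-format access log line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def unmask(value):
    """Undo reversal and rot13; the two commute, so order is irrelevant."""
    return codecs.decode(value[::-1], "rot13")


def scan_log(lines):
    """Return (client, parameter, decoded) for values hiding PHP code."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, target = m.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = unmask(value)
            # Flag only values that look like code after decoding.
            if PHP_CALL.search(decoded):
                findings.append((client, name, decoded))
    return findings


# Constructed sample lines (documentation addresses, placeholder path and
# parameter names); the second carries a masked phpinfo() call.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Jan/2013:09:12:01 +0000] '
    '"GET /ads/example.php?zoneid=3&cb=81723 HTTP/1.1" 200 431',
    '203.0.113.9 - - [10/Jan/2013:09:12:07 +0000] '
    '"GET /ads/example.php?p=%3B%29%28bsavcuc HTTP/1.1" 200 9120',
    '198.51.100.4 - - [10/Jan/2013:09:12:09 +0000] '
    '"GET /ads/example.php?q=hello+world HTTP/1.1" 200 431',
]

if __name__ == "__main__":
    for client, name, decoded in scan_log(SAMPLE_LOG):
        print(f"{client} parameter {name!r} decodes to {decoded!r}")
```

Access logs record only the query string, so a payload sent in a POST body needs the same check applied to captured request bodies.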