Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below.

Category: CGI abuses
Risk factor: High
Added: 10 Oct 2008
Synopsis:

The remote web server contains a PHP application that allows injection of arbitrary PHP commands.

Description:

The remote host is running Openads, an open source ad serving application written in PHP.

The installed version of Openads contains a vulnerability in its delivery engine: it fails to properly sanitize input passed as the 'name' argument of the 'OA_Delivery_Cache_store()' function in various scripts under 'www/delivery' before writing that value into a cache file. Because the cache file is itself PHP that is later loaded by the application, an unauthenticated remote attacker can inject arbitrary PHP code into it and have that code executed on the remote host, with the privileges of the web server process.
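The following is an added illustration of the bug class described above and is not Openads code; 'OA_Delivery_Cache_store()' itself is not reproduced here, and the function names, file layout and the constructed attacker-supplied name are assumptions. It shows a cache writer that splices an unsanitized name into a PHP source file that is later included, beside a hardened variant that validates the name against an allow-list and emits values only through var_export(), so no raw string ever becomes PHP syntax.

```php
<?php
// Hypothetical illustration of "unsanitized input written into a PHP cache
// file, then included": NOT Openads' OA_Delivery_Cache_store().

$cacheDir = sys_get_temp_dir() . '/cache_demo';
@mkdir($cacheDir, 0700, true);

// Vulnerable pattern: $name is interpolated verbatim into PHP source.
// A name containing a quote followed by PHP statements becomes code.
function cache_store_vulnerable(string $name, $value, string $dir): string
{
    $file = $dir . '/' . md5($name) . '.php';
    $src  = "<?php\n"
          . "\$cache['name'] = '" . $name . "';\n"
          . "\$cache['value'] = " . var_export($value, true) . ";\n";
    file_put_contents($file, $src);
    return $file;
}

// Hardened pattern: reject anything outside a tight allow-list before it
// reaches the file, and build the whole literal with var_export() so every
// string is properly quoted and escaped.
function cache_store_safe(string $name, $value, string $dir): string
{
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $name)) {
        throw new InvalidArgumentException('invalid cache name');
    }
    $file = $dir . '/' . md5($name) . '.php';
    $src  = "<?php\n"
          . "\$cache = " . var_export(['name' => $name, 'value' => $value], true) . ";\n";
    file_put_contents($file, $src);
    return $file;
}

// Loading the cache means executing the file as PHP.
function cache_load(string $file): array
{
    $cache = [];
    include $file;
    return $cache;
}

// Constructed attacker-controlled name (assumption, not a real payload):
// closes the string literal and appends a statement that sets a marker.
$evil = "x'; \$GLOBALS['pwned'] = 'code ran'; \$dummy = '";

$f = cache_store_vulnerable($evil, 42, $cacheDir);
cache_load($f);
echo "vulnerable: ", $GLOBALS['pwned'] ?? 'no injection', "\n";
unset($GLOBALS['pwned']);

try {
    cache_store_safe($evil, 42, $cacheDir);
} catch (InvalidArgumentException $e) {
    echo "safe: rejected (", $e->getMessage(), ")\n";
}
$f = cache_store_safe('zone_1', 42, $cacheDir);
$c = cache_load($f);
echo "safe: loaded name={$c['name']} value={$c['value']}\n";
```

Running this with the PHP CLI writes both cache files under the system temp directory; the vulnerable path reports that the injected statement ran, while the hardened path refuses the malicious name and round-trips a legitimate one. The allow-list is the important control: escaping alone is fragile when the same value is also used, as here, to derive a file name.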

See also:

http://www.securityfocus.com/archive/1/archive/1/487486/100/0/threaded

Solution:

Upgrade to Openads 2.4.3 or later. Because the injected code is stored in a cache file, upgrading alone does not remove a payload that has already been written; clear the delivery cache after upgrading and review its contents for unexpected PHP.

Risk factor:

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
