Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19003
HistoryFeb 05, 2008 - 12:00 a.m.

[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed

2008-02-0500:00:00
vulners.com
21

========================================================================
Openads security advisory OPENADS-SA-2008-001

Advisory ID: OPENADS-SA-2008-001
Date: 2008-Feb-04
Security risk: Critical
Applications affetced: Openads
Versions affected: 2.4.0 <= x <= 2.4.2
Versions not affected: >= 2.4.3

========================================================================
Vulnerability: Remote PHP code injection and execution

Description

A remote PHP code injection and execution vulnerability has recently
been found. The vulnerability affects the delivery engine, which does
not require any kind of authentication. An attacker could exploit it to
execute arbitrary PHP code.

Solution

  • Upgrade to Openads 2.4.3

Credits

  • Reporter: Tanatik

Contact informations

The security contact for Openads can be reached at:
<security AT openads DOT org>

Best regards

Matteo Beccati
http://www.openads.org