CVE-2013-5954
Revive Adserver < 3.0.4 and OpenX < 2.8.11 - Cross-Site Request Forgery via Admin Endpoints
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-5954. PoCs published by Mahmoud Ghorbanzadeh.
AI-analyzed exploit summary: This exploit demonstrates multiple CSRF vulnerabilities in OpenX 2.8.11 and prior versions. The PoC uses image tags to trigger unauthorized actions such as deleting advertisers, banners, campaigns, and other entities without user interaction.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
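A log-triage check for the requests described above, added here as an example (it is not code from OpenX, Revive Adserver or the PoC author). It assumes an Apache/nginx "combined" access log, an admin directory served under a path ending in `/admin/`, and a placeholder site host `ads.example.test`; the sample log lines and their query strings are constructed.

```python
import re
from urllib.parse import urlsplit

# Admin scripts listed in the CVE description.
SENSITIVE = {
    "agency-user-unlink.php", "advertiser-delete.php", "banner-delete.php",
    "campaign-delete.php", "channel-delete.php", "affiliate-delete.php",
    "zone-delete.php",
}

# Apache/nginx "combined" access log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_requests(lines, site_host):
    """Return (timestamp, ip, path, reason) for requests to the listed
    scripts whose Referer is missing or names a different host."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m["target"]).path
        head, _, script = path.rpartition("/")
        if script not in SENSITIVE or not head.endswith("/admin"):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no Referer"
        else:
            host = urlsplit(referer).hostname  # lower-cased by urlsplit
            if host == site_host.lower():
                continue  # navigation from the admin UI itself
            reason = f"cross-site Referer: {host}"
        findings.append((m["ts"], m["ip"], path, reason))
    return findings

# Constructed sample log: hosts, IPs and query strings are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2013:10:01:02 +0000] "GET /admin/banner-delete.php?id=3 HTTP/1.1" 302 - "https://ads.example.test/admin/index.php" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Oct/2013:10:07:41 +0000] "GET /admin/campaign-delete.php?id=7 HTTP/1.1" 302 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Oct/2013:10:07:42 +0000] "GET /admin/zone-delete.php?id=9 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.5 - - [12/Oct/2013:10:09:00 +0000] "GET /admin/index.php HTTP/1.1" 200 512 "http://forum.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG, "ads.example.test"):
        print(*finding, sep=" | ")
```

A missing Referer also occurs with privacy settings and bookmarks, so treat those hits as leads to correlate with the administrator's session activity rather than as confirmed forgery.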