CVE-2013-7376

EIP tracks 1 public exploit for CVE-2013-7376. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in OpenX via the 'group' parameter in plugin-preferences.php and plugin-settings.php, allowing arbitrary file inclusion and execution. It also includes Cross-Site Scripting (XSS) examples via the 'package' and 'group' parameters in plugin-index.php and plugin-settings.php.

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.