Vulnerability Description
SQL injection vulnerability in `www/delivery/axmlrpc.php` (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the `what` parameter to an XML-RPC method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openx | Openx | <= 2.8.11 |
| Revive-Adserver | Revive Adserver | <= 3.0.1 |
Related Weaknesses (CWE)
References
- http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-s
- http://www.revive-adserver.com/security/REVIVE-SA-2013-001/ (Vendor Advisory)
- http://www.securityfocus.com/archive/1/530471/30/0/threaded
FAQ
What is CVE-2013-7149?
CVE-2013-7149 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to ex...
How severe is CVE-2013-7149?
CVE-2013-7149 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-7149?
Check the references section above for vendor advisories and patch information. Affected products include: Openx Openx, Revive-Adserver Revive Adserver.