Description

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.

Remediation

References

CVE-2013-5954

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4654)

Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4554)

WordPress Plugin Social Login WP Cross-Site Request Forgery (5.0.0.0)

Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.4.37.727)

Severity

Medium

Classification

CVE-2013-5954 CWE-352

Tags

Missing Update Known Vulnerabilities