Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

Remediation

References

CVE-2013-7149

Related Vulnerabilities

MySQL CVE-2024-21162 Vulnerability (CVE-2024-21162)

phpMyFAQ Uncaught Exception Vulnerability (CVE-2023-0790)

Oracle JRE CVE-2017-10357 Vulnerability (CVE-2017-10357)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.19)

XWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-7223)

Severity

High

Classification

CVE-2013-7149 CWE-138

Tags

Missing Update Known Vulnerabilities