Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

Remediation

References

CVE-2013-7149

Related Vulnerabilities

WEBrick v.1.3 directory traversal

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-1807)

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4883)

MySQL CVE-2019-2585 Vulnerability (CVE-2019-2585)

Severity

High

Classification

CVE-2013-7149 CWE-138

Tags

Missing Update Known Vulnerabilities