• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Openads Delivery Engine Remote Code Execution Vulnerability

Openads is prone to a vulnerability that lets remote attackers execute arbitrary code because it fails to sufficiently sanitize user-supplied data.

An attacker can leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Versions prior to Openads 2.4.3 are vulnerable.