CVE-2014-9407 in Revive Adserver
Summary (English)
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.
Reserved
19/12/2014
Disclosure
19/12/2014
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 73333 | Revive Adserver agency-delete.php Cross-Site Request Forgery | 352 | Not defined | Official fix | CVE-2014-9407 |