Description

OpenX Source v. 2.8.10 (the binary distribution) was compromised, and two of the files were replaced with two new modified files that contained a remote code execution vulnerability. All OpenX downloads since at least November 2012 through August 2013 were affected.

Remediation

Upgrade to OpenX version 2.8.11.

References

Warning: OpenX Ad Server contains a backdoor

Related Vulnerabilities

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850)

GhostScript RCE (Remote Code Execution)

Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Severity

High

Classification

CVE-2013-4211 CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution