CVE-2013-7149 Information

Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2 and OpenX Source 2.8.11 and earlier allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

Reference

http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ http://www.revive-adserver.com/security/REVIVE-SA-2013-001/ http://www.securityfocus.com/archive/1/530471/30/0/threaded