Revive Adserver deserialization vulnerability

Added: 12/16/2019
CVE: CVE-2019-5434

Background

Revive Adserver is a free, open-source ad serving system.

Problem

A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php.

Resolution

Upgrade to Revive Adserver 4.2.0 or higher.
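
For hosts that cannot be upgraded immediately, one way to flag the request described under Problem is to inspect POST bodies sent to adxmlrpc.php for PHP serialized-object markers in openads.spc calls. This is an added example, not code from the advisory or from the Revive project; it assumes the parameter value reaches PHP's unserialize(), and the function names and sample bodies are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

METHOD = "openads.spc"  # RPC method named in the advisory
# PHP serialize() object marker O:8:"Name":0:{ (also C:); some PHP versions accept O:+8:
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]+":\d+:\{')


def scalar_texts(root):
    """Yield the text of every scalar XML-RPC value, decoding <base64> ones."""
    for el in root.iter():
        text = (el.text or "").strip()
        if not text or el.tag not in ("value", "string", "base64"):
            continue
        if el.tag == "base64":
            try:
                text = base64.b64decode(text, validate=True).decode("utf-8", "replace")
            except ValueError:
                continue
        yield text


def inspect_body(body: bytes) -> str:
    """Classify one POST body sent to adxmlrpc.php: ok, suspicious or unparsed."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "suspicious"  # XML-RPC needs no DTD; keep it away from the parser
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unparsed"
    if (root.findtext("methodName") or "").strip() != METHOD:
        return "ok"  # this check is scoped to the method from the advisory
    hit = any(PHP_OBJECT.search(t) for t in scalar_texts(root))
    return "suspicious" if hit else "ok"


def make_call(method: str, value: str) -> bytes:
    """Build a constructed single-parameter XML-RPC request for the samples below."""
    return (f'<?xml version="1.0"?><methodCall><methodName>{method}</methodName>'
            f"<params><param><value><string>{value}</string></value></param>"
            f"</params></methodCall>").encode()

# Constructed samples, not captured traffic; stdClass is a harmless built-in class.
BENIGN = make_call(METHOD, "zone:1")
OBJECT = make_call(METHOD, 'a:1:{i:0;O:8:"stdClass":0:{}}')

if __name__ == "__main__":
    print(inspect_body(BENIGN), inspect_body(OBJECT))
```

Treat "unparsed" bodies as worth a manual look as well, since a request the monitor cannot parse may still be accepted by the server.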

References

https://www.revive-adserver.com/security/revive-sa-2019-001/
https://hackerone.com/reports/512076
