Revive Adserver deserialization vulnerability
Added: 12/16/2019
CVE: CVE-2019-5434
Background
Revive Adserver is a free, open source ad serving system.
Problem
A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php.
Resolution
Upgrade to Revive Adserver 4.2.0 or higher.
References
https://www.revive-adserver.com/security/revive-sa-2019-001/
https://hackerone.com/reports/512076
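Detection sketch for the issue described under Problem, added here as an example and not taken from the advisory or from Revive Adserver: it flags captured XML-RPC request bodies that call openads.spc with a parameter carrying a PHP serialized object. Assumptions: the payload uses PHP's serialize() format, request bodies are available to the defender (for example from a WAF or proxy), and the names flag_request, scalar_texts and build_call plus the sample requests are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# PHP serialize() object markers: O:<len>:"Class":<n>:{ (or C: for Serializable).
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"[^"]+":\d+:\{')

def scalar_texts(root):
    """Yield every scalar XML-RPC value as text, decoding <base64> values."""
    for value in root.iter("value"):
        typed = list(value)
        if not typed:                       # untyped <value> is a string
            yield value.text or ""
        for node in typed:
            if node.tag == "base64":
                try:
                    yield base64.b64decode(node.text or "").decode("latin-1")
                except ValueError:          # malformed base64: nothing to inspect
                    continue
            elif node.tag not in ("struct", "array"):
                yield node.text or ""

def flag_request(body):
    """Return a reason string if the request should be flagged, else None."""
    if "<!DOCTYPE" in body.upper():         # XML-RPC needs no DTD; do not parse it
        return "DTD in XML-RPC body"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if (root.findtext("methodName") or "").strip() != "openads.spc":
        return None
    for text in scalar_texts(root):
        if PHP_OBJECT.search(text.strip()):
            return "serialized PHP object in openads.spc parameter"
    return None

def build_call(method, inner):
    # Constructed single-parameter XML-RPC request used for the samples below.
    return ("<?xml version='1.0'?><methodCall><methodName>%s</methodName>"
            "<params><param><value>%s</value></param></params></methodCall>"
            % (method, inner))

# Constructed samples; "Example" is a placeholder class, not a real gadget.
BENIGN = build_call("openads.spc", "<string>zone:1</string>")
SUSPECT = build_call("openads.spc", '<string>a:1:{i:0;O:7:"Example":0:{}}</string>')
ENCODED = build_call("openads.spc", "<base64>%s</base64>"
                     % base64.b64encode(b'O:7:"Example":0:{}').decode())
print([flag_request(b) for b in (BENIGN, SUSPECT, ENCODED)])
```

A hit on a pre-4.2.0 install is a reason to review the host for compromise; the fix remains the upgrade listed under Resolution.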