FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openx -- sql injection vulnerability

Affected packages
openx < 2.6.2

Details

VuXML ID 55616fda-a2d0-11dd-a9f9-0030843d3802
Discovery 2008-10-03
Entry 2008-10-25

Secunia reports:

OpenX can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "bannerid" parameter in www/delivery/ac.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

References

URL http://blog.openx.org/10/openx-security-update/
URL http://secunia.com/advisories/32114/
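
A defensive check for the issue described above, added here as an example and not taken from OpenX, Secunia or the FreeBSD project: it scans web server access log lines for requests to www/delivery/ac.php whose "bannerid" value is not a plain decimal integer. The combined log format, the /openx path prefix, the sample log lines and the rule that legitimate banner IDs are unsigned integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name as given in the advisory.
ENDPOINT = "www/delivery/ac.php"
PARAM = "bannerid"

# Request field of a combined-format access log line: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_bannerid(line):
    """Return the decoded bannerid value if the line is a request to ac.php
    whose bannerid is not a plain decimal integer, otherwise None.
    Assumption: legitimate banner IDs are unsigned integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENDPOINT):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps "bannerid=".
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_bannerid(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2008:10:00:01 +0000] "GET /openx/www/delivery/ac.php?bannerid=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Oct/2008:10:00:02 +0000] "GET /openx/www/delivery/ac.php?bannerid=42%27 HTTP/1.1" 200 0',
    '192.0.2.12 - - [25/Oct/2008:10:00:03 +0000] "GET /openx/www/delivery/ac.php?zoneid=3&bannerid=abc HTTP/1.1" 200 0',
    '192.0.2.13 - - [25/Oct/2008:10:00:04 +0000] "GET /index.php?bannerid=x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric bannerid {value!r}")
```

Access logs normally record only the query string, so a value sent in a POST body is not visible to this check.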