CVE-2015-7366
Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
Múltiples vulnerabilidades de CSRF en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos secuestrar la autenticación de usuarios en peticiones que (1) llevan a cabo ciertas acciones del plugin y posiblemente causan una denegación de servicio (plugins del núcleo deshabilitados) a través de vectores desconocidos o (2) cambian el nombre de contacto y el idioma o posiblemente tienen otro impacto no especificado a través de una petición POST manipulada a una secuencia de comandos account-user-*.php.
Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-25 CVE Reserved
- 2015-10-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2015/Oct/32 | Mailing List |
|
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Revive-adserver Search vendor "Revive-adserver" | Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver" | <= 3.2.1 Search vendor "Revive-adserver" for product "Revive Adserver" and version " <= 3.2.1" | - |
Affected
| ||||||