CVE-2019-5434

Published: 06/05/2019 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An attacker could send a specially crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such a vulnerability could be used to perform various types of attacks, e.g. exploiting serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers to gain access to some Revive Adserver instances and deliver malware through them to third-party websites. This vulnerability was addressed in version 4.2.0.

Vulnerable Product

revive-sas revive adserver

Exploits

# Exploit Title: Revive Adserver 4.2 - Remote Code Execution
# Google Dork: "inurl:www/delivery filetype:php"
# Exploit Author: crlf
# Vendor Homepage: www.revive-adserver.com/
# Software Link: www.revive-adserver.com/download/archive/
# Version: 4.1.x <= 4.2 RC1
# Tested on: *nix
# CVE : CVE-2019-5434
# Сontains syntax error fo ...

Revive Adserver version 4.2 suffers from a code execution vulnerability ...