CVE-2013-5954
published 2014-04-25

CVE-2013-5954: Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators…

Priority: P335
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.10% (86.1th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.

Affected

13 ranges
Vendor           Product          Version range  Fixed in
openx            openx            <= 2.8.11
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
openx            openx
revive-adserver  revive_adserver  <= 3.0.4