Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openx | Openx | 2.8.1 (including) | 2.8.1 (including) |
| Openx | Openx | 2.8.2 (including) | 2.8.2 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://blog.openx.org/12/security-matters-2/
- http://forum.openx.org/index.php?showtopic=503454011
- http://osvdb.org/61300
- http://secunia.com/advisories/37914
- http://www.securityfocus.com/bid/37457
- http://blog.openx.org/12/security-matters-2/
- http://forum.openx.org/index.php?showtopic=503454011
- http://osvdb.org/61300
- http://secunia.com/advisories/37914
- http://www.securityfocus.com/bid/37457