Unrated severityNVD Advisory· Published Apr 25, 2014· Updated May 6, 2026
CVE-2013-5954
CVE-2013-5954
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Affected products
13- cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*Range: <=3.0.4
cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*range: <=2.8.11
- cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- packetstormsecurity.com/files/125735nvdExploit
- seclists.org/fulldisclosure/2014/Mar/270nvdExploit
- www.securityfocus.com/bid/66251nvdExploit
- seclists.org/fulldisclosure/2014/May/68nvd
- www.revive-adserver.com/security/revive-sa-2014-001/nvd
- www.securityfocus.com/archive/1/532108/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/91889nvd
News mentions
0No linked articles in our index yet.