VYPR
Unrated severityNVD Advisory· Published Dec 28, 2013· Updated Jun 17, 2026

CVE-2013-7149

CVE-2013-7149

Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Openx/Openx2 versions
    cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*range: <=2.8.11
    • cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*range: <=3.0.1
    • cpe:2.3:a:revive-adserver:revive_adserver:3.0.0:*:*:*:*:*:*:*
    • (no CPE)range: <3.0.2
  • Range: <=2.8.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.