Unrated severityNVD Advisory· Published Dec 28, 2013· Updated Apr 29, 2026

CVE-2013-7149

Description

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

Affected products

Openx/Openx2 versions
cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*range: <=2.8.11
- cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*
Revive Adserver/Revive Adserver2 versions
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*range: <=3.0.1
- cpe:2.3:a:revive-adserver:revive_adserver:3.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000