Florian Sander

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.0.2 OpenX Source versions 2.8.11 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `what` parameter to an XML-RPC method in the XML-RPC delivery invocation script. **Recommendations** For Revive Adserver versions prior to 3.0.2, update to version 3.0.2 or later. For OpenX Source versions 2.8.11 and earlier, update to a version later than 2.8.11.