CVE-2012-4990

Name of the Vulnerable Software and Affected Versions OpenX version 2.8.10

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ids[] parameter in a link action in the admin/campaign-zone-link.php file.

Recommendations For OpenX version 2.8.10, update to a version that includes revision 81823 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/campaign-zone-link.php file to minimize the risk of exploitation. Avoid using the ids[] parameter in the affected link action until the issue is resolved.