CVE-2014-9407

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.0.5

Description The issue allows remote attackers to hijack the authentication of administrators for various requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. The affected requests include those that delete data via "agency-delete.php", "tracker-delete.php", or "userlog-delete.php" in the admin directory, as well as requests to unlink accounts via "admin-user-unlink.php", "advertiser-user-unlink.php", or "affiliate-user-unlink.php" in the admin directory.

Recommendations For Revive Adserver versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin directory and implementing additional security measures to prevent CSRF attacks.