Revive Adserver · Revive Adserver · CVE-2020-8142
**Name of the Vulnerable Software and Affected Versions**
Revive Adserver versions prior to 5.0.5
**Description**
A security restriction bypass has been found that lets an attacker with access to the admin user interface change the email address or password of the currently logged-in user without knowing that user's current password. The bypass is performed by altering the form payload so that the `pwold` parameter (the current-password field) is submitted as an array instead of a string; the password check then treats the request as authorized even though no password was supplied. Exploitation requires physical access to the user interface of an already logged-in user.
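The following is an added illustration of the mechanism described above; it is not Revive Adserver's own code, and the exact check that was bypassed in the product is not reproduced here. It shows how PHP's form parsing turns `pwold[]=` into an array, how a current-password check written against the string case can be defeated by that array, and a hardened version of the same check. The vulnerable variant assumes PHP 7.x, where an internal function given an array in place of a string emits a warning and returns `NULL` (on PHP 8 it throws a `TypeError` instead); the password and hash are constructed for the example.

```php
<?php
// Added example (not Revive Adserver's code): a current-password check that an
// array-valued `pwold` slips past, beside a hardened version.
// Assumes PHP 7.x: password_verify() given an array warns and returns NULL.

// Parse a urlencoded body the same way PHP builds $_POST from a form submission.
function parseForm(string $body): array {
    parse_str($body, $fields);   // "pwold[]=" becomes ['pwold' => ['']]
    return $fields;
}

// Vulnerable pattern: only a result of exactly `false` is treated as a failed
// verification. An array input makes password_verify() return NULL (with a
// warning, suppressed here), which is not === false, so the change is allowed
// although no password was supplied. empty() does not catch the array either:
// an array with one element is not "empty".
function oldPasswordOkVulnerable(array $post, string $storedHash): bool {
    $pwold = $post['pwold'] ?? '';
    if (empty($pwold)) {
        return false;
    }
    return @password_verify($pwold, $storedHash) !== false;
}

// Hardened pattern: insist on a non-empty string before verifying, and treat
// anything other than an explicit `true` from password_verify() as failure.
function oldPasswordOkFixed(array $post, string $storedHash): bool {
    $pwold = $post['pwold'] ?? null;
    if (!is_string($pwold) || $pwold === '') {   // rejects arrays and blanks
        return false;
    }
    return password_verify($pwold, $storedHash) === true;
}

// Constructed test data: a stored hash of the user's real password.
$storedHash = password_hash('correct-horse', PASSWORD_DEFAULT);

$cases = [
    'pwold=correct-horse' => true,   // genuine current password
    'pwold=wrong'         => false,  // wrong password
    'pwold='              => false,  // blank field
    'pwold[]='            => false,  // array payload: vulnerable check says true
];

foreach ($cases as $body => $expected) {
    $post = parseForm($body);
    printf("%-22s vulnerable=%-5s fixed=%-5s expected=%s\n",
        $body,
        var_export(oldPasswordOkVulnerable($post, $storedHash), true),
        var_export(oldPasswordOkFixed($post, $storedHash), true),
        var_export($expected, true));
}
```

Only the `pwold[]=` row differs between the two checks: the vulnerable function accepts it, the hardened one rejects it. The general lesson is that any "current password required" gate must first establish that the submitted value is a non-empty string and then require a positive verification result, rather than merely the absence of an explicit failure.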
**Recommendations**
For Revive Adserver versions prior to 5.0.5, update to version 5.0.5 or later, which fixes the issue. Until the update is applied, reduce exposure by restricting access to the admin user interface (for example, to trusted networks or hosts) and by not leaving logged-in admin sessions unattended, since the attack requires access to an already authenticated user's interface.