CVE-2013-3514

Name of the Vulnerable Software and Affected Versions OpenX versions prior to 2.8.10 revision 82710

Description The issue allows remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) "plugin-preferences.php" or (2) "plugin-settings.php" in www/admin. This can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.

Recommendations For versions prior to 2.8.10 revision 82710, update to revision 82710 or later to resolve the issue. As a temporary workaround, consider restricting access to the "plugin-preferences.php" and "plugin-settings.php" files in the www/admin directory to minimize the risk of exploitation. Avoid using the group parameter in the affected API endpoints until the issue is resolved.