CVE-2013-5954

Name of the Vulnerable Software and Affected Versions OpenX versions 2.8.11 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests that delete various components, including users, advertisers, banners, campaigns, channels, affiliate websites, or zones, via multiple cross-site request forgery (CSRF) vulnerabilities. This is achieved through unauthorized access to specific API endpoints, such as "admin/agency-user-unlink.php", "admin/advertiser-delete.php", "admin/banner-delete.php", "admin/campaign-delete.php", "admin/channel-delete.php", "admin/affiliate-delete.php", or "admin/zone-delete.php".

Recommendations For OpenX versions 2.8.11 and earlier, update to a version that includes a fix for this issue to prevent CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.