PT-2026-51552 · Revive · Andserver

Kaushalendra Dubey

Published

2026-06-23

Updated

2026-06-23

CVE-2026-34914

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-34914

Affected Products

Andserver

PT-2026-51552 · Revive · Andserver

CVE-2026-34914

Weakness Enumeration

Related Identifiers

Affected Products

References · 2