|
Description
|
|
Multiple vulnerabilities have been reported in Ad Manager Pro, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed via multiple parameters to multiple scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
List of affected parameters and scripts:
<a href="http://[host]/advertiser.php?username&password&image_control&email
" target="_blank">http://[host]/advertiser.php?use...mp;image_control&email
</a>
<a href="http://[host]/publisher.php?username&password&image_control&email
" target="_blank">http://[host]/publisher.php?user...mp;image_control&email
</a>
2) Input passed via the "X-Forwarded-For" HTTP header field is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
|
