header-logo
Suggest Exploit
vendor:
Banner Advertisement Management Software
by:
SecurityFocus
3.3
CVSS
MEDIUM
URL Manipulation
20
CWE
Product Name: Banner Advertisement Management Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux, Microsoft Windows
2002

Admanager Banner Advertisement Management Software Vulnerability

Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.

Mitigation:

Authentication should be enforced for the 'add.php3' script.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4615/info

Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems.

Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.

http://target/add.php3?url=http://www.url.com&adurl=http://URL/img.gif URL/

Navigation

Suggest Exploit

Services By CQR