This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote web server contains a PHP script that is susceptible to a
local file include attack.
The remote host is running OpenX (formerly Openads), an open source ad
serving application written in PHP.
The installed version of OpenX does not validate user-supplied input
to the 'MAX_type' parameter of the 'www/delivery/fc.php' script before
using it in a PHP 'include()' function. Regardless of PHP's
'register_globals' setting, an unauthenticated attacker can exploit
this issue to view arbitrary files or possibly to execute arbitrary
PHP code on the remote host, subject to the privileges of the web
server user id.
See also :
Upgrade to OpenX version 2.6.4 / 2.4.10 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true