phpAdsNew XML-RPC Library Remote Code Injection
High Nessus Plugin ID 20180
SynopsisThe remote web server contains a PHP script that is prone to arbitrary code execution.
DescriptionThe remote host appears to be running phpAdsNew, an open source ad server written in PHP.
The version of phpAdsNew installed on the remote host allows attackers to execute arbitrary PHP code subject to the privileges of the web server user id due to a flaw in its bundled XML-RPC library.
SolutionUpgrade to phpAdsNew 2.0.5 or later.