OpenX install.php / install-plugin.php Admin Authentication Bypass
High Nessus Plugin ID 43864
SynopsisA PHP application hosted on the remote web server has an authentication bypass vulnerability.
DescriptionThe version of OpenX hosted on the remote web server has an authentication bypass vulnerability. Sending a specially crafted request to install.php or install-plugin.php bypasses the normal authentication process.
A remote attacker could exploit this to gain administrative access to the OpenX installation.
SolutionUpgrade to OpenX 2.8.3 or later.