A SQL injection vulnerability was identified in Revive Adserver version 6.0.0, which could allow an attacker with manager-level access to execute malicious SQL commands. Users are urged to update to version 6.0.1 or higher to mitigate this high-risk security flaw. #ReviveAdserver #SQLInjection
Keypoints
- The vulnerability affects Revive Adserver version 6.0.0 only, not versions 6.0.1 and above.
- An attacker who already holds manager-level privileges can exploit the flaw by sending crafted URLs (query-string parameters) to the affected page; no unauthenticated path is described.
- The SQL injection can lead to error-based or time-based blind data extraction attacks.
- The flaw stems from improper escaping of user input in the "admin-search.php" script when the MySQL database backend is in use.
- It is recommended to update the software to the latest secure release to prevent exploitation.
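The bug class behind this advisory is a search query built from unescaped user input. The following PHP is a constructed illustration added here; it is not Revive Adserver's admin-search.php, and the table and column names (clients, advertiser_id, name), the $db mysqli connection and the function names are assumptions for the example. It shows the vulnerable shape beside a hardened version that uses a prepared statement and also neutralises LIKE wildcards, which parameter binding alone does not do.

```php
<?php
// Constructed example of the vulnerability class only. This is NOT code from
// Revive Adserver; the schema, connection and function names are hypothetical.
declare(strict_types=1);

// VULNERABLE: the keyword is interpolated straight into the SQL string.
// With a MySQL backend, an input like
//     x%' OR SLEEP(5)-- 
// closes the quoted LIKE pattern and turns the request into a time-based
// blind oracle; input that merely breaks the quoting gives an error-based
// leak if MySQL error text reaches the response.
function searchVulnerable(mysqli $db, string $keyword): array
{
    $sql = "SELECT advertiser_id, name FROM clients WHERE name LIKE '%" . $keyword . "%'";
    $result = $db->query($sql);
    return ($result instanceof mysqli_result) ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// HARDENED: a prepared statement keeps the input out of the SQL grammar, so
// quotes, comment markers and SLEEP() in the keyword are just characters in
// the pattern. Separately, '%' and '_' are LIKE metacharacters even inside a
// bound parameter, so they are escaped with an explicit ESCAPE character
// ('!' is used here to avoid backslash handling differences across sql_mode).
function searchSafe(mysqli $db, string $keyword): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);
    $pattern = '%' . $escaped . '%';

    $stmt = $db->prepare("SELECT advertiser_id, name FROM clients WHERE name LIKE ? ESCAPE '!'");
    if ($stmt === false) {
        // Fail closed: never fall back to string-built SQL on prepare failure.
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage sketch (constructed input). Against searchVulnerable() the payload
// below delays the query by about five seconds, the signal a time-based blind
// extraction relies on; against searchSafe() it is a literal pattern that
// simply matches no rows.
// $payload = "x%' OR SLEEP(5)-- ";
// $rows    = searchSafe($db, $payload);   // [] and no delay
```

Note that swapping the concatenation for mysqli_real_escape_string() would close the quoted-string case shown here but would not help if the same value were ever placed in an unquoted numeric or ORDER BY position; binding is the general fix, and escaping of LIKE wildcards is a separate, additional step for search endpoints.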