CVE-2026-34916

EPSS 0.45%
Veröffentlicht 23.06.2026 16:14:38
Zuletzt bearbeitet 23.06.2026 18:17:43
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Input sanitisation has been improved to ensure that the parameter is properly validated.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRevive Adserver

≫

Produkt Revive Adserver

Default Statusunaffected

Version <= 6.0.6

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.354

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
support@hackerone.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://hackerone.com/reports/3656781

https://nvd.nist.gov/vuln/detail/CVE-2026-34916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34916

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34916