CVE-2026-44959

EPSS 0.4%
Veröffentlicht 23.06.2026 16:14:38
Zuletzt bearbeitet 23.06.2026 18:17:52
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery. Input sanitisation has been improved to ensure that unexpected parameters are filtered out.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRevive

≫

Produkt Adserver

Default Statusunaffected

Version <= 6.0.6

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.318

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
support@hackerone.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://hackerone.com/reports/3744200

https://nvd.nist.gov/vuln/detail/CVE-2026-44959

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-44959

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-44959

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-44959