Description
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.
Published: 2026-06-23
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier allows a low-privileged user to inject SQL through the clientid parameter, enabling blind SQL injection attacks. The flaw can be exploited to read or modify database contents without immediate code execution, representing a significant confidentiality and integrity risk.

Affected Systems

The vulnerability affects Revive Adserver 6.0.6 and all earlier releases from the Revive:Adserver product line.

Risk and Exploitability

The CVSS score of 6.1 reflects a medium severity impact. No EPSS score is available and the flaw is not listed in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation. The likely attack vector is an HTTP request to zone-include.php, authenticated or unauthenticated, in which a low-privileged user manipulates the clientid query-string parameter to perform the injection.

Generated by OpenCVE AI on June 23, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Revive Adserver to a version that includes the improved input sanitisation for zone-include.php.
  • If an upgrade is not immediately possible, restrict or block access to the zone-include.php endpoint from non-privileged users or enforce strict input validation via a WAF or server configuration.
  • Ensure that any remaining clientid parameters are properly validated or removed from the public API surface.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Revive; Revive adserver
Vendors & Products | | Revive; Revive adserver

Tue, 23 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Title | | Blind SQL Injection via Unvalidated clientid Parameter in Revive Adserver zone-include.php

Tue, 23 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_0

{'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:42:13.398Z

Reserved: 2026-03-31T15:00:06.522Z

Link: CVE-2026-34915

Vulnrichment

Updated: 2026-06-23T17:42:10.001Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T20:15:04Z

Weaknesses
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')