Description
A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Input sanitisation has been improved to ensure that the parameter is properly validated.
Published: 2026-06-23
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Revive Adserver 6.0.6 and earlier allows a low‑privileged authenticated user to save delivery limitations whose logical parameter is not validated. That value is written into the compiledlimitations field in the database, and the field is evaluated as PHP when a banner is delivered, so an attacker can run arbitrary PHP code in the context of the web server process (CWE-94, code injection). This gives full control over the web application and, depending on how the host is configured, the underlying server.

Affected Systems

The vulnerability affects Revive Adserver 6.0.6 and earlier. The CVE description states that input sanitisation has been improved so that the logical parameter is validated, so releases after 6.0.6 that carry that change are not affected; no fixed version number is recorded on this page.

Risk and Exploitability

The CVSS 3.0 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high severity: reachable over the network, low attack complexity, low privileges, no user interaction, and high impact on confidentiality, integrity and availability. The SSVC record on this page rates Exploitation as none, Automatable as no and Technical Impact as total. EPSS data is not available, so the current exploitation probability is unknown, and the vulnerability is not listed in CISA’s KEV catalog. The attack path is an authenticated low‑privileged account in the admin interface saving a crafted delivery limitation; administrator rights are not required, and the injected code runs when the affected banner is next delivered, so the attacker needs no further access after the save.

Generated by OpenCVE AI on June 24, 2026 at 04:16 UTC.

Remediation

No advisory or patch reference is linked on this page. The CVE description states that input sanitisation has been improved so the logical parameter is properly validated, which indicates a fixed release after 6.0.6; confirm the exact version in the vendor’s release notes before upgrading.

OpenCVE Recommended Actions

  • Check Revive Adserver’s official website, release notes or support portal for the release that adds the improved validation, and upgrade past 6.0.6.
  • Until then, restrict the ability to create or edit banners and their delivery limitations to trusted accounts and review existing low‑privileged accounts: PR:L in the CVSS vector means any such account is sufficient.
  • Audit the stored compiledlimitations values for anything other than the expected limitation‑check expression (function calls, variables, semicolons or other PHP) and treat a tampered row as evidence of compromise, not just a bad record: the code runs at delivery time, so removing the row does not undo what has already executed. Review web server and PHP logs for the delivery endpoints, look for new files or unexpected outbound connections, and rotate credentials if tampering is found.
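The following is an added example written for this page, not Revive Adserver’s own code, covering both the mechanism in the Impact section and the audit step above. It assumes that the logical parameter is the boolean operator joining limitation clauses and that a compiled expression has the shape MAX_check<Type>('<data>', '<comparison>') joined by and/or; both are assumptions, as are the bannerid and banners names in the comments. The sample rows are constructed. It shows an allowlist check for the parameter at save time, the unvalidated concatenation that the advisory describes, and a tokenising audit of stored values that reports anything outside that shape.

```python
"""Added example (not Revive Adserver's code): allowlist the delivery-limitation
'logical' parameter at save time, and audit stored compiledlimitations values
for anything that is not a limitation-check expression.

Assumptions (not taken from the advisory): 'logical' is the boolean operator
joining clauses, and a compiled expression looks like
MAX_check<Type>('<data>', '<comparison>') joined by and/or.  Sample rows below
are constructed for the example.
"""
import re

# Only a boolean operator is ever legitimate here; anything else is rejected.
ALLOWED_LOGICAL = frozenset({"and", "or"})


def validate_logical(value):
    """Return the normalised operator or raise ValueError for anything else."""
    v = value.strip().lower()
    if v not in ALLOWED_LOGICAL:
        raise ValueError("invalid logical operator: %r" % value)
    return v


def compile_limitations(clauses, validate=True):
    """Build the expression string that would be stored in compiledlimitations.

    Each clause is {'logical', 'type', 'comparison', 'data'}; the first
    clause's 'logical' is unused.  validate=False reproduces the class of
    flaw in the advisory: the operator is concatenated into code that is
    later evaluated, without any check on its contents.
    """
    parts = []
    for i, c in enumerate(clauses):
        if i > 0:
            parts.append(validate_logical(c["logical"]) if validate else c["logical"])
        parts.append("MAX_check%s('%s', '%s')" % (c["type"], c["data"], c["comparison"]))
    return " ".join(parts)


def safe_compile(clauses):
    """Hardened save path: (expression, None) on success, (None, reason) on rejection."""
    try:
        return compile_limitations(clauses, validate=True), None
    except ValueError as exc:
        return None, str(exc)


# Tokens a legitimate compiled expression may consist of.  Anything else
# (variables, semicolons, other function names, backslashes or $ inside a
# string literal) is reported.  Case-insensitive to catch AND/OR variants.
TOKEN = re.compile(r"""
      \s+
    | (?:and|or)(?![A-Za-z0-9_])
    | MAX_check[A-Za-z0-9_]*(?=\()
    | '[^'\\$]*'
    | [(),]
""", re.VERBOSE | re.IGNORECASE)


def audit_compiled(expr):
    """Return None if expr is built only from allowed tokens, else the first
    unexpected fragment (up to 40 characters) for the report."""
    pos = 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            return expr[pos:pos + 40]
        pos = m.end()
    return None


def audit_rows(rows):
    """rows: (banner_id, compiledlimitations) pairs, e.g. from
    SELECT bannerid, compiledlimitations FROM banners (assumed column names).
    Returns [(banner_id, fragment)] for rows that need a human look."""
    findings = []
    for banner_id, expr in rows:
        fragment = audit_compiled(expr or "")
        if fragment is not None:
            findings.append((banner_id, fragment))
    return findings


# Constructed inputs: a clean clause set, and one whose 'logical' value
# carries a marker function call instead of an operator.
CLEAN_CLAUSES = [
    {"logical": "and", "type": "Site_Channel", "comparison": "==", "data": "12"},
    {"logical": "and", "type": "Geo_Country", "comparison": "=~", "data": "US,CA"},
]
TAMPERED_CLAUSES = [
    {"logical": "and", "type": "Site_Channel", "comparison": "==", "data": "12"},
    {"logical": "or phpinfo() or", "type": "Geo_Country", "comparison": "=~", "data": "US"},
]
SAMPLE_ROWS = [  # constructed, not real database content
    (101, compile_limitations(CLEAN_CLAUSES)),
    (102, compile_limitations(TAMPERED_CLAUSES, validate=False)),
    (103, ""),  # banner with no limitations
]

if __name__ == "__main__":
    print("hardened save:", safe_compile(TAMPERED_CLAUSES))
    for banner_id, fragment in audit_rows(SAMPLE_ROWS):
        print("banner %d: unexpected code near %r" % (banner_id, fragment))
```

The audit is deliberately strict: a legitimate limitation whose data contains a quote, backslash or dollar sign will also be reported, which is the right failure direction for an incident check, but those rows then need a manual look rather than automatic deletion. If the real expression format on your installation differs from the assumed shape, adjust TOKEN to the legitimate tokens first, using a banner you know is clean as the reference.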

Advisories

No advisories yet.

References

History

Wed, 24 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Remote PHP Injection via Unvalidated Delivery Limitations in Revive Adserver

Tue, 23 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Code Injection via Delivery Limitations in Revive Adserver

Tue, 23 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title Code Injection via Delivery Limitations in Revive Adserver

Tue, 23 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Revive-adserver
Revive-adserver revive Adserver
Vendors & Products Revive-adserver
Revive-adserver revive Adserver

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Input sanitisation has been improved to ensure that the parameter is properly validated.
Weaknesses CWE-94
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Revive-adserver Revive Adserver
MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:26:24.247Z

Reserved: 2026-03-31T15:00:06.522Z

Link: CVE-2026-34916

Vulnrichment

Updated: 2026-06-23T17:26:14.210Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T04:30:06Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')