Description
OpenX Source v. 2.8.10 (the binary distribution) was compromised, and two of the files were replaced with two new modified files that contained a remote code execution vulnerability. All OpenX downloads since at least November 2012 through August 2013 were affected.
Remediation
Upgrade to OpenX version 2.8.11.
References
Related Vulnerabilities
Nette framework PHP code injection via callback
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)
Data Binding Expression Vulnerability in Spring Web Flow
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)