Revive Adserver Debug Information Disclosure Vulnerability

Vulnerability

A vulnerability in Revive Adserver versions through 6.0.1, including 5.5.2, allows authenticated non-admin users to access sensitive debug information through SQL error messages. These messages disclose details about the software, the PHP version, and the database version in use. This information could be used to identify and target known vulnerabilities on the server.

Impact

The vulnerability could lead to unauthorized disclosure of backend details, including database version, structure, and PHP environment information. This data may assist attackers in identifying vulnerabilities or crafting targeted attacks against the server.

Reproduction

To reproduce this vulnerability, log into the Revive Adserver application and navigate to the channel ACL management page. Intercept the request to save changes and insert a single quote in the execution order field. When the request is submitted, the resulting error message will disclose the MySQL or MariaDB version, along with the executed SQL query, exposing sensitive technical details.

Remediation

Users can update to Revive Adserver version 6.0.2 or later, where this vulnerability has been addressed.
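The error-disclosure pattern described above, shown as an added illustration that is not Revive Adserver's own code: a weak handler that returns the raw database exception text to the client, beside a hardened form that validates the execution order as an integer, uses a prepared statement, logs the detail server-side, and returns only a generic message. The table and column names (channel_acl, executionorder) and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from Revive Adserver. Table/column names are hypothetical.
declare(strict_types=1);

// Weak: the raw exception text (driver/server version, the SQL that ran)
// is returned to whoever submitted the request.
function saveOrderWeak(PDO $db, string $rawOrder): string
{
    try {
        $db->exec("UPDATE channel_acl SET executionorder = $rawOrder");
        return 'saved';
    } catch (PDOException $e) {
        return 'Error: ' . $e->getMessage();   // leaks backend details to the client
    }
}

// Hardened: the field is an integer, so treat it as one before it reaches SQL.
function validateExecutionOrder(string $raw): int
{
    if (!preg_match('/^\d{1,6}$/', $raw)) {
        throw new InvalidArgumentException('execution order must be a small non-negative integer');
    }
    return (int) $raw;
}

function saveOrderHardened(PDO $db, string $rawOrder, int $aclId): string
{
    try {
        $order = validateExecutionOrder($rawOrder);
        $stmt = $db->prepare('UPDATE channel_acl SET executionorder = :o WHERE channel_acl_id = :id');
        $stmt->execute([':o' => $order, ':id' => $aclId]);
        return 'saved';
    } catch (InvalidArgumentException $e) {
        return 'Invalid execution order.';
    } catch (PDOException $e) {
        // Full detail stays in the server log; the client only gets a reference id.
        $ref = bin2hex(random_bytes(4));
        error_log("[$ref] DB error: " . $e->getMessage());
        return "Could not save changes (ref $ref).";
    }
}

// Constructed demo database (SQLite in memory) standing in for MySQL/MariaDB.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE channel_acl (channel_acl_id INTEGER PRIMARY KEY, executionorder INTEGER)');
$db->exec('INSERT INTO channel_acl VALUES (1, 0)');
echo saveOrderWeak($db, "1'"), "\n";        // raw driver error text reaches the client
echo saveOrderHardened($db, "1'", 1), "\n"; // generic message; detail only in error_log
echo saveOrderHardened($db, '3', 1), "\n";  // saved
```

With a real MySQL or MariaDB connection the weak branch would surface the server's own syntax-error text, which is the version-bearing detail the advisory describes.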

Added: Nov 20, 2025, 8:19 PM
Updated: Nov 20, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 6.8
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.