Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Script code is not filtered from URL parameters of the 'add.php3' script. An attacker may exploit this to cause arbitrary script code to be executed in a web user's browser, in the context of the website running Admanager. It should be noted that 'add.php3' is a back-end script of the administrative interface of the software and ideally should not be accessible to roaming web users. However, BugTraq ID 4615 "Admanager Content Manipulation Vulnerability" describes an issue related to the lack of authentication for this particular script. Due to the nature of the 'add.php3' script, attacker-supplied script code may potentially be stored and displayed by the ad management system.
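The fix for this class of flaw is to validate banner fields when they are stored and to encode them again when they are displayed. The PHP sketch below is an added example, not Admanager's code; the field names `link`, `image` and `alt` and all function names are assumptions, since the advisory does not name the affected parameters.

```php
<?php
// Added example: field and function names are hypothetical, not Admanager's own.

// Accept only absolute http(s) URLs. HTML encoding alone would still let a
// non-web scheme through in an href or src attribute.
function is_safe_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate at the point of storage: returns the cleaned record, or null to reject.
function validate_banner(array $params): ?array
{
    $clean = [];
    foreach (['link', 'image', 'alt'] as $key) {
        // Reject missing fields and array-valued parameters such as alt[]=x.
        if (!is_string($params[$key] ?? null)) {
            return null;
        }
        $clean[$key] = trim($params[$key]);
    }
    if (!is_safe_url($clean['link']) || !is_safe_url($clean['image'])
        || strlen($clean['alt']) > 200) {
        return null;
    }
    return $clean;
}

// Encode at the point of display, even for records that passed validation,
// because older rows may predate the validation step.
function render_banner(array $b): string
{
    return '<a href="' . h($b['link']) . '"><img src="' . h($b['image'])
         . '" alt="' . h($b['alt']) . '"></a>';
}

// Constructed sample: the alt text carries quote and tag characters.
$sample = ['link' => 'https://example.com/', 'image' => 'https://example.com/b.png',
           'alt' => '"><i>Sale</i>'];
$banner = validate_banner($sample);
echo $banner === null ? "rejected\n" : render_banner($banner) . "\n";
```

Output encoding does not address the missing authentication described in BugTraq ID 4615; access control on the administrative script is a separate requirement.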