CVE Catalog

CVE-2026-34915

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Summary

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.

Risk Assessment

The organization may be exposed to SQL injection attacks, which could lead to unauthorized access to or modification of data. Low-privileged users could exploit this vulnerability to escalate their privileges.

Recommendation

It is recommended to update Revive Adserver to the latest version to benefit from improved input sanitisation. Additionally, conducting a security audit of the application to identify other potential vulnerabilities is advisable.

Original NVD description (English source)

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS