[OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed

[Matteo Beccati <php () beccati com>]

========================================================================
Openads security advisory                            OPENADS-SA-2007-001
------------------------------------------------------------------------
Advisory ID:           OPENADS-SA-2007-001
Date:                  2007-Jan-24
Security risk:         low risk
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= phpAdsNew 2.0.9-pr1, phpPgAds 2.0.9-pr1
Versions not affected: >= Openads 2.0.10, Openads for PostgreSQL 2.0.10
========================================================================


========================================================================
Vulnerability:  Cross-site scripting
========================================================================

Description
-----------
This is the description of the vulnerability recieved by JPCERT:

"We have confirmed that in admin-search.php, scripts included in
'keyword' parameter is shown without proper sanitization thus the
script could be executed.

However a user needs to login the system as administrator, which makes
the exploit technically difficult.

If this vulnerability is exploited, by script execution, a user's
session ID included in HTTP Cookie might be stolen. Also there's a risk
that the contents of phpAdsNew are falsified temporarily."

References
----------
- JVN#07274813: http://jvn.jp/jp/JVN%2307274813/index.html

Solution
--------
- The vulnerability was fixed in Openads and Openads for PostgreSQL
  2.0.10 (released on Jan 18th), but we suggest you to upgrade to
  Openads or Openads for PostgreSQL 2.0.11 released today.


Contact informations
====================

The security contact for Openads can be reached at:
<security AT openads DOT org>


Best regards
--
Matteo Beccati
http://www.openads.org
http://phpadsnew.com
http://phppgads.com