Skip to main content
CVE-2019-5434 CRITICAL POC THREAT Act Now

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization Revive Adserver
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
57.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy