source: http://www.securityfocus.com/bid/4615/info

Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems.

Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.

http://target/add.php3?url=http://www.url.com&adurl=http://URL/img.gif URL/