| VID |
210021 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Serendipity program is vulnerable to a local file include vulnerability in the local.inc.php script. Serendipity is a Weblog/blog system written in PHP. Serendipity version 1.0.3 and earlier versions are vulnerable to a local file include vulnerability, caused by improper validation of user-supplied input passed to the 'serendipity[charset]' parameter of the 'lang.inc.php' script. If the 'register_globals' option is enabled, by sending a specially-crafted URL request to the lang.inc.php script using the serendipity[charset] parameter to specify a file from the local system, a remote attacker could view arbitrary files or execute arbitrary PHP script code on the vulnerable system in the security context of the Web server process.
* References:
http://milw0rm.com/exploits/2869
* Platforms Affected:
S9Y Serendipity version 1.0.3 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Serendipity (1.0.4 or later), available from the Serendipity Web site at http://www.s9y.org/ |
| Related URL |
CVE-2006-6242 (CVE) |
| Related URL |
21367 (SecurityFocus) |
| Related URL |
30615 (ISS) |
|
