VID 210127
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of Serendipity older than 1.6.2 was detected on the host. Serendipity is a weblog/blog system written in PHP.
The version of Serendipity installed on the remote host is affected by a SQL injection vulnerability because the 'include/functions_trackbacks.inc.php' script does not properly sanitize user-supplied input passed via the 'url' parameter to the 'comment.php' script. Provided that PHP's 'magic_quotes_gpc' setting is disabled, this may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

* Note: This check relies solely on the version number of the Serendipity software installed on the remote Web server to assess this vulnerability, so the result may be a false positive.

* References:
https://www.htbridge.com/advisory/HTB23092
http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html

* Platforms Affected:
s9y, Serendipity versions prior to 1.6.2
Any operating system Any version
Recommendation Upgrade to the latest version of Serendipity (1.6.2 or later), available from the SourceForge.net Web site at http://sourceforge.net/projects/php-blog/
Related URL CVE-2012-2762 (CVE)
Related URL 53620 (SecurityFocus)
Related URL 20641,20642 (ISS)