| VID |
21599 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Serendipity which is older than version 0.8.1 is detected as installed on the host. Serendipity is a Weblog/blog system written in PHP. Serendipity versions prior to 0.8.1 are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to bypass certain security restrictions and conduct cross-site scripting attacks.
1) Unauthorized File Upload Vulnerability: An error in the file upload handling can be exploited by authors to upload certain special files without privileges.
2) Multiple Cross-Site Scripting Vulnerabilities: Input passed to the "templatedropdown" and "shoutbox" plugins isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
* Note: This check solely relied on the version number of the Serendipity software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://sourceforge.net/project/shownotes.php?release_id=328092
http://secunia.com/advisories/15405/
* Platforms Affected:
s9y, Serendipity versions prior to 0.8.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Serendipity (0.8.1 or later), available from the SourceForge.net Web site at http://sourceforge.net/projects/php-blog/ |
| Related URL |
CVE-2005-1712,CVE-2005-1713 (CVE) |
| Related URL |
13669 (SecurityFocus) |
| Related URL |
20641,20642 (ISS) |
|
