 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2010-1916 |
| Description: | The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.801337 1.3.6.1.4.1.25623.1.0.67535 1.3.6.1.4.1.25623.1.0.862159 1.3.6.1.4.1.25623.1.0.67586 1.3.6.1.4.1.25623.1.0.862131 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1916 BugTraq ID: 40033 http://www.securityfocus.com/bid/40033 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html http://secunia.com/advisories/39782 http://secunia.com/advisories/40124 http://www.vupen.com/english/advisories/2010/1401 |