CVE-2010-1916
12.05.2010, 11:46
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.Enginsight
Vendor | Product | Version |
---|---|---|
xinha | wysiwyg_editor | 0.9:beta |
xinha | wysiwyg_editor | 0.91:beta |
xinha | wysiwyg_editor | 0.92:beta |
xinha | wysiwyg_editor | 0.93 |
xinha | wysiwyg_editor | 0.94 |
xinha | wysiwyg_editor | 0.95 |
xinha | wysiwyg_editor | 0.96:beta |
xinha | wysiwyg_editor | 0.96:beta2 |
s9y | serendipity | 0.3 |
s9y | serendipity | 0.4 |
s9y | serendipity | 0.5:pl1 |
s9y | serendipity | 0.6:pl3 |
s9y | serendipity | 0.7 |
s9y | serendipity | 0.7.1 |
s9y | serendipity | 0.8 |
s9y | serendipity | 0.8.1 |
s9y | serendipity | 0.8.2 |
s9y | serendipity | 0.8.3 |
s9y | serendipity | 0.8.4 |
s9y | serendipity | 0.8.5 |
s9y | serendipity | 0.9 |
s9y | serendipity | 0.9.1 |
s9y | serendipity | 1.0 |
s9y | serendipity | 1.0.1 |
s9y | serendipity | 1.0.2 |
s9y | serendipity | 1.0.3 |
s9y | serendipity | 1.0.4 |
s9y | serendipity | 1.1 |
s9y | serendipity | 1.1.1 |
s9y | serendipity | 1.1.2 |
s9y | serendipity | 1.1.3 |
s9y | serendipity | 1.1.4 |
s9y | serendipity | 1.2 |
s9y | serendipity | 1.2.1 |
s9y | serendipity | 1.3 |
s9y | serendipity | 1.3.1 |
s9y | serendipity | 1.4 |
s9y | serendipity | 1.4.1 |
s9y | serendipity | 1.5 |
s9y | serendipity | 1.5.1 |
s9y | serendipity | 1.5.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References