SB2019110522 - Multiple vulnerabilities in s9y Serendipity

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Code Injection (CVE-ID: CVE-2011-1133)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in plugins/ExtendedFileManager/backend.php. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Cross-site scripting (CVE-ID: CVE-2011-1134)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to execute arbitrary code in the image manager.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

3) Cross-site scripting (CVE-ID: CVE-2011-1135)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

Remediation

Install update from vendor's website.

References

• https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
• https://security-tracker.debian.org/tracker/CVE-2011-1133
• https://www.openwall.com/lists/oss-security/2011/03/02/5
• https://security-tracker.debian.org/tracker/CVE-2011-1134
• https://security-tracker.debian.org/tracker/CVE-2011-1135