Multiple vulnerabilities in s9y Serendipity
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2011-1133 CVE-2011-1134 CVE-2011-1135 |
| CWE-ID | CWE-94 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Serendipity Other software / Other software solutions |
| Vendor | s9y.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU30699
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1133
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in plugins/ExtendedFileManager/backend.php. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 1.5.5.
Vulnerable software versionsSerendipity: 1.5.1 - 1.5.4
CPE2.3- cpe:2.3:a:s9y_org:serendipity:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.3:*:*:*:*:*:*:*
http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
http://security-tracker.debian.org/tracker/CVE-2011-1133
http://www.openwall.com/lists/oss-security/2011/03/02/5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU30700
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1134
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to execute arbitrary code in the image manager.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 1.5.5.
Vulnerable software versionsSerendipity: 1.5.1 - 1.5.4
CPE2.3- cpe:2.3:a:s9y_org:serendipity:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.3:*:*:*:*:*:*:*
http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
http://security-tracker.debian.org/tracker/CVE-2011-1134
http://www.openwall.com/lists/oss-security/2011/03/02/5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU30701
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1135
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
MitigationInstall update from vendor's website.
Vulnerable software versionsSerendipity: 1.5.1 - 1.5.4
CPE2.3- cpe:2.3:a:s9y_org:serendipity:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:s9y_org:serendipity:1.5.3:*:*:*:*:*:*:*
http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
http://security-tracker.debian.org/tracker/CVE-2011-1135
http://www.openwall.com/lists/oss-security/2011/03/02/5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
