Serendipity XML-RPC for PHP Remote Code Injection

Severity: High, Nessus Plugin ID 18600

Synopsis

The remote web server contains a PHP script that is prone to a remote code injection attack.

Description

The version of Serendipity installed on the remote host is prone to remote code execution because its bundled XML-RPC library fails to sanitize user-supplied input to the 'serendipity_xmlrpc.php' script. This flaw may allow attackers to execute code remotely with the privileges of the web server user ID.

Solution

Upgrade to Serendipity version 0.8.2 or later.

See Also

http://www.hardened-php.net/advisory-022005.php

https://seclists.org/bugtraq/2005/Jun/286

http://www.nessus.org/u?041cce31

Plugin Details

Severity: High

ID: 18600

File Name: serendipity_xmlrpc_code_injection.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 7/1/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:s9y:serendipity

Required KB Items: www/serendipity

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/29/2005

Exploitable With

Metasploit (PHP XML-RPC Arbitrary Code Execution)

Reference Information

CVE: CVE-2005-1921

BID: 14088