Serendipity XML-RPC for PHP Remote Code Injection

High Nessus Plugin ID 18600

Synopsis

The remote web server contains a PHP script that is prone to a remote code injection attack.

Description

The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipity_xmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the web server userid.

Solution

Upgrade to Serendipity version 0.8.2 or later.

See Also

https://seclists.org/bugtraq/2005/Jun/286

http://www.hardened-php.net/advisory-022005.php

http://www.nessus.org/u?041cce31

Plugin Details

Severity: High

ID: 18600

File Name: serendipity_xmlrpc_code_injection.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 2005/07/01

Updated: 2018/11/15

Dependencies: 18054

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:s9y:serendipity

Required KB Items: www/serendipity

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: false

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/06/29

Exploitable With

Metasploit (PHP XML-RPC Arbitrary Code Execution)

Reference Information

CVE: CVE-2005-1921

BID: 14088