Serendipity XML-RPC for PHP Remote Code Injection
Severity: High
Nessus Plugin ID: 18600
Synopsis
The remote web server contains a PHP script that is prone to a remote code injection attack.

Description
The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipity_xmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the web server userid.

Solution
Upgrade to Serendipity version 0.8.2 or later.