
Serendipity <= 1.1.3 Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running Serendipity, a web log application. This version of Serendipity is vulnerable to a flaw where authenticated users can access restricted 'administrative' functions. An attacker exploiting this flaw would require a user ID and password for some portion of the web application. Successful exploitation would allow the user to gain limited administrative access.

Solution

Upgrade to a version higher than 1.1.3 or 1.2-beta4.