CVE-2010-1916 : Detail

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Xinha>>Wysiwyg_editor >> Version 0.9

Xinha>>Wysiwyg_editor >> Version 0.91

Xinha>>Wysiwyg_editor >> Version 0.92

Xinha>>Wysiwyg_editor >> Version 0.93

Xinha>>Wysiwyg_editor >> Version 0.94

Xinha>>Wysiwyg_editor >> Version 0.95

Xinha>>Wysiwyg_editor >> Version 0.96

Xinha>>Wysiwyg_editor >> Version 0.96

S9y>>Serendipity >> Version 0.3

• S9y>>Serendipity >> Version 0.3 (Open CPE detail)

S9y>>Serendipity >> Version 0.4

• S9y>>Serendipity >> Version 0.4 (Open CPE detail)

S9y>>Serendipity >> Version 0.5

S9y>>Serendipity >> Version 0.6

S9y>>Serendipity >> Version 0.7

• S9y>>Serendipity >> Version 0.7 (Open CPE detail)

S9y>>Serendipity >> Version 0.7.1

• S9y>>Serendipity >> Version 0.7.1 (Open CPE detail)

S9y>>Serendipity >> Version 0.8

• S9y>>Serendipity >> Version 0.8 (Open CPE detail)

S9y>>Serendipity >> Version 0.8.1

• S9y>>Serendipity >> Version 0.8.1 (Open CPE detail)

S9y>>Serendipity >> Version 0.8.2

• S9y>>Serendipity >> Version 0.8.2 (Open CPE detail)

S9y>>Serendipity >> Version 0.8.3

• S9y>>Serendipity >> Version 0.8.3 (Open CPE detail)

S9y>>Serendipity >> Version 0.8.4

• S9y>>Serendipity >> Version 0.8.4 (Open CPE detail)

S9y>>Serendipity >> Version 0.8.5

• S9y>>Serendipity >> Version 0.8.5 (Open CPE detail)

S9y>>Serendipity >> Version 0.9

• S9y>>Serendipity >> Version 0.9 (Open CPE detail)

S9y>>Serendipity >> Version 0.9.1

• S9y>>Serendipity >> Version 0.9.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.0

• S9y>>Serendipity >> Version 1.0 (Open CPE detail)

S9y>>Serendipity >> Version 1.0.1

• S9y>>Serendipity >> Version 1.0.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.0.2

• S9y>>Serendipity >> Version 1.0.2 (Open CPE detail)

S9y>>Serendipity >> Version 1.0.3

• S9y>>Serendipity >> Version 1.0.3 (Open CPE detail)

S9y>>Serendipity >> Version 1.0.4

• S9y>>Serendipity >> Version 1.0.4 (Open CPE detail)

S9y>>Serendipity >> Version 1.1

• S9y>>Serendipity >> Version 1.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.1.1

• S9y>>Serendipity >> Version 1.1.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.1.2

• S9y>>Serendipity >> Version 1.1.2 (Open CPE detail)

S9y>>Serendipity >> Version 1.1.3

• S9y>>Serendipity >> Version 1.1.3 (Open CPE detail)

S9y>>Serendipity >> Version 1.1.4

• S9y>>Serendipity >> Version 1.1.4 (Open CPE detail)

S9y>>Serendipity >> Version 1.2

• S9y>>Serendipity >> Version 1.2 (Open CPE detail)

S9y>>Serendipity >> Version 1.2.1

• S9y>>Serendipity >> Version 1.2.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.3

• S9y>>Serendipity >> Version 1.3 (Open CPE detail)

S9y>>Serendipity >> Version 1.3.1

• S9y>>Serendipity >> Version 1.3.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.4

• S9y>>Serendipity >> Version 1.4 (Open CPE detail)

S9y>>Serendipity >> Version 1.4.1

• S9y>>Serendipity >> Version 1.4.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.5

S9y>>Serendipity >> Version 1.5.1

• S9y>>Serendipity >> Version 1.5.1 (Open CPE detail)

S9y>>Serendipity >> Version 1.5.2

• S9y>>Serendipity >> Version 1.5.2 (Open CPE detail)

References