|
|
CVE Reference: CVE-2007-4282 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4282 |
|
|
Description: The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35868 SAID Secunia Advisory: SA26347 OSVDB 36534 MISC http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html CONFIRM http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html http://sourceforge.net/forum/forum.php?forum_id=722867 http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716 BID 25235 |
|
| Return to the previous page. |
