PT-2005-2685 · Serendipity · Serendipity
Published 2005-05-24 · Updated 2008-09-05 · CVE-2005-1712
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Serendipity version 0.8
Description
The issue allows unprivileged authors to upload arbitrary media files when Serendipity is used with multiple authors.
Recommendations
For Serendipity version 0.8, restrict access to media file uploads for unprivileged authors until a fix is available. Consider implementing additional access controls to limit the types of files that can be uploaded.
Fix
Related Identifiers
Affected Products
Serendipity