PT-2006-2894 · S9Y · S9Y Serendipity

Published

2006-04-20

Updated

2008-09-05

CVE-2006-1910

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions S9Y Serendipity version 1.0 beta 2

Description The issue allows remote attackers to inject arbitrary PHP code by editing values stored in config.php, which are later executed.

Recommendations For S9Y Serendipity version 1.0 beta 2, consider restricting access to the config.php file to prevent unauthorized modifications until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1910

Affected Products

S9Y Serendipity

PT-2006-2894 · S9Y · S9Y Serendipity

CVE-2006-1910

Related Identifiers

Affected Products

References · 4