CVE-2010-1916

Name of the Vulnerable Software and Affected Versions Xinha WYSIWYG editor versions 0.96 Beta 2 and earlier Serendipity versions 1.5.2 and earlier

Description The issue allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins. This can be achieved through crafted backend config secret key location and backend config hash parameters used in a SHA1 hash of a shared secret, or through crafted backend data and backend data[key location] variables. The vulnerability can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.

Recommendations For Xinha WYSIWYG editor versions 0.96 Beta 2 and earlier, consider disabling the dynamic configuration feature until a patch is available. For Serendipity versions 1.5.2 and earlier, restrict access to the ImageManager plugin to minimize the risk of exploitation. Avoid using the backend config secret key location and backend config hash parameters in the affected API endpoints until the issue is resolved. As a temporary workaround, consider disabling the xinha read passed data function until a patch is available.