Summary
This host is running Serendipity and is prone to arbitrary file upload vulnerability.
Impact
Successful exploitation will allow attacker to upload PHP scripts and execute arbitrary commands on a web server with a specific configuration.
Impact Level: Application
Solution
Upgrade to Serendipity version 1.5 or later.
For updates refer to http://www.s9y.org/12.html
Insight
The flaw is due to an input validation error in the file upload functionality when processing a file with a filename containing multiple file extensions.
Affected
Serendipity version prior to 1.5 on all platforms.
References
Severity
Classification
-
CVE CVE-2009-4412 -
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities