Vulnerability Description
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S9Y | Serendipity | <= 2.0.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95165 (Third Party Advisory, VDB Entry)
- https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/s9y/Serendipity/issues/433 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2016-10082?
CVE-2016-10082 is a vulnerability with a CVSS score of 9.8 (CRITICAL). include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the ...
How severe is CVE-2016-10082?
CVE-2016-10082 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10082?
Check the references section above for vendor advisories and patch information. Affected products include: S9Y Serendipity.