CVE-2007-4282 - OpenCVE

The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Serendipity	Serendipity

Configuration 1 [-]

cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*

References

Link	Resource
http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html
http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html
http://osvdb.org/36534
http://secunia.com/advisories/26347	Vendor Advisory
http://sourceforge.net/forum/forum.php?forum_id=722867	Patch
http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716
http://www.securityfocus.com/bid/25235
https://exchange.xforce.ibmcloud.com/vulnerabilities/35868

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-09T21:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-08-09T00:00:00

Link: CVE-2007-4282

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-09T21:17:00.000

Modified: 2023-11-07T02:01:00.707

Link: CVE-2007-4282

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25235", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25235"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"name": "26347", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26347"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"name": "36534", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36534"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"}, {"name": "serendipity-extendedprop-security-bypass(35868)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25235"}, {"name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html", "refsource": "MISC", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"name": "26347", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26347"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"name": "36534", "refsource": "OSVDB", "url": "http://osvdb.org/36534"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=722867", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html", "refsource": "CONFIRM", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html"}, {"name": "serendipity-extendedprop-security-bypass(35868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4282", "datePublished": "2007-08-09T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}, {"lang": "es", "value": "La extensi\u00f3n de \"Propiedades extendidas de entrada\" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar la protecci\u00f3n de la contrase\u00f1a y \"establecer una configuraci\u00f3n de las entryproperties a medida en el Serendipity Frontend\" a trav\u00e9s de ciertas peticiones que modifican si la contrase\u00f1a ha sido validada."}], "id": "CVE-2007-4282", "lastModified": "2023-11-07T02:01:00.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-09T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"source": "cve@mitre.org", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36534"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26347"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25235"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}