CVE-2016-10082 - OpenCVE

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
S9y	Serendipity

Configuration 1 [-]

cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/95165	Third Party Advisory VDB Entry
https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85	Issue Tracking Patch Third Party Advisory
https://github.com/s9y/Serendipity/issues/433	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-12-30T07:08:00

Updated: 2017-01-02T10:57:01

Reserved: 2016-12-30T00:00:00

Link: CVE-2016-10082

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-12-30T07:59:00.143

Modified: 2017-01-03T19:32:50.377

Link: CVE-2016-10082

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "95165", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95165"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/s9y/Serendipity/issues/433"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10082", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95165"}, {"name": "https://github.com/s9y/Serendipity/issues/433", "refsource": "CONFIRM", "url": "https://github.com/s9y/Serendipity/issues/433"}, {"name": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85", "refsource": "CONFIRM", "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10082", "datePublished": "2016-12-30T07:08:00", "dateReserved": "2016-12-30T00:00:00", "dateUpdated": "2017-01-02T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8C50710-D1C1-4D98-8905-2331437E2C29", "versionEndIncluding": "2.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."}, {"lang": "es", "value": "include/functions_installer.inc.php en Serendipity hasta la versi\u00f3n 2.0.5 es vulnerable a ataques File Inclusion y posiblemente Code Execution durante una primera instalaci\u00f3n porque falla en desinfectar el par\u00e1metro dbType POST antes de a\u00f1adirlo a una llamada include() en el archivo bundled-libs/serendipity_generateFTPChecksums.php."}], "id": "CVE-2016-10082", "lastModified": "2017-01-03T19:32:50.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-30T07:59:00.143", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95165"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/s9y/Serendipity/issues/433"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}