S9Y Serendipity Entries Plugin Security Bypass Vulnerability

Bugtraq ID:	25235
Class:	Access Validation Error
CVE:	CVE-2007-4282
Remote:	Yes
Local:	No
Published:	Aug 08 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Erich Schubert is credited with discovering this issue.
Vulnerable:	S9Y Serendipity 1.1.3 S9Y Serendipity 1.1.1 S9Y Serendipity 1.0.4 S9Y Serendipity 1.0.3 S9Y Serendipity 0.9.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.1 S9Y Serendipity 0.8 -beta6 Snapshot S9Y Serendipity 0.8 -beta6 S9Y Serendipity 0.8 -beta5 S9Y Serendipity 0.8 S9Y Serendipity 0.7.1 S9Y Serendipity 0.7 beta3 S9Y Serendipity 0.7 beta1 S9Y Serendipity 0.7 -rc1 S9Y Serendipity 0.7 -beta4 S9Y Serendipity 0.7 -beta2 S9Y Serendipity 0.7 S9Y Serendipity 0.6 -rc2 S9Y Serendipity 0.6 -rc1 S9Y Serendipity 0.6 -pl3 S9Y Serendipity 0.6 -pl2 S9Y Serendipity 0.6 -pl1 S9Y Serendipity 0.6 S9Y Serendipity 0.5 -pl1 S9Y Serendipity 0.5 S9Y Serendipity 0.4 S9Y Serendipity 0.3 S9Y Serendipity 1.0.beta 3 S9Y Serendipity 1.0.beta 2
Not Vulnerable:	S9Y Serendipity 1.1.4 S9Y Serendipity 1.2-beta5

S9Y Serendipity Entries Plugin Security Bypass Vulnerability

S9Y Serendipity is prone to a security-bypass vulnerability.

An attacker can exploit this issue to change property settings of entries via HTTP requests and perform unauthorized actions.

Versions prior to S9Y Serendipity 1.1.4 and 1.2-Beta5 are reported vulnerable.

NOTE: This issue affects only applications that use the extended properties for the Entries plugin.

S9Y Serendipity Entries Plugin Security Bypass Vulnerability

An attacker may exploit this issue via a browser.

S9Y Serendipity Entries Plugin Security Bypass Vulnerability

Solution:
The vendor released fixes to address this issue. Please see the references for more information.


S9Y Serendipity 1.0.beta 2

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 1.0.beta 3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.4

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.5

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.5 -pl1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6 -rc1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6 -pl3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6 -rc2

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6 -pl2

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.6 -pl1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7 -rc1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7 beta1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7 beta3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7 -beta4

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7 -beta2

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.7.1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8 -beta6

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8 -beta5

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8 -beta6 Snapshot

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8.1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.8.2

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 0.9.1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 1.0.3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 1.0.4

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 1.1.1

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity 1.1.3

• S9Y serendipity_event_entryproperties.php
  http://svn.berlios.de/viewcvs/*checkout*/serendipity/trunk/plugins/ser endipity_event_entryproperties/serendipity_event_entryproperties.php?r ev=1831

S9Y Serendipity Entries Plugin Security Bypass Vulnerability

References:

• Serendipity Homepage (S9Y)
  
• Serendipit y 1.1.4 and 1.2-beta5 released because of plugin (S9Y)