Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
BID:40033
Info
Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
| Bugtraq ID: | 40033 |
| Class: | Design Error |
| CVE: |
CVE-2010-1916 |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2010 12:00AM |
| Updated: | Apr 13 2015 09:17PM |
| Credit: | Stefan Esser |
| Vulnerable: |
Xinha Xinha 0.96 beta2 Xinha Xinha 0.95 |
| Not Vulnerable: | |
Discussion
Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
Xinha is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to properly restrict configuration changes.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Xinha 0.96 beta2 is vulnerable; other versions may also be affected. In addition, versions prior to Serendipity 1.5.3 utilize vulnerable versions of Xinha and are therefore also vulnerable.
Xinha is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to properly restrict configuration changes.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Xinha 0.96 beta2 is vulnerable; other versions may also be affected. In addition, versions prior to Serendipity 1.5.3 utilize vulnerable versions of Xinha and are therefore also vulnerable.
Exploit / POC
Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
Solution:
Updates are available. Please see the references for more information.
Xinha Xinha 0.96 beta2
Xinha Xinha 0.95
Solution:
Updates are available. Please see the references for more information.
Xinha Xinha 0.96 beta2
-
Xinha php-xinha.php
http://trac.xinha.org/export/1257/trunk/contrib/php-xinha.php
Xinha Xinha 0.95
-
Xinha php-xinha.php
http://trac.xinha.org/export/1257/trunk/contrib/php-xinha.php
References
Xinha Dynamic Configuration Arbitrary File Upload Vulnerability
References:
References:
- MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnera (Stefan Esser)
- MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability (Stefan Esser)
- Serendipity Homepage (S9Y)
- Ticket #1518 Month of PHP Security - Serious Xinha Security Hole (Xinha)
- Xinha Homepage (Xinha)