CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-10082

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile26.82th
Published2016年12月30日
Last Modified2026年5月6日

Vulnerability Description

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

Affected Platforms (CPE)

📦
S9y

Serendipity

<= 2.0.5

References & Advisories

🔗 http://www.securityfocus.com/bid/95165
🔗 https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85
🔗 https://github.com/s9y/Serendipity/issues/433
🔗 http://www.securityfocus.com/bid/95165
🔗 https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85
🔗 https://github.com/s9y/Serendipity/issues/433

相關漏洞威脅

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2020-109649.8

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e...

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...