Family: CGI abuses --> Category: attack
Serendipity XML-RPC for PHP Remote Code Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for XML-RPC for PHP remote code injection vulnerability in Serendipity
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a remote
code injection attack.
The version of Serendipity installed on the remote host is prone to
remote code execution due to a failure of its bundled XML-RPC library
to sanitize user-supplied input to the 'serendipity_xmlrpc.php'
script. This flaw may allow attackers to execute code remotely
with the privileges of the web server user ID.
Solution : Upgrade to Serendipity version 0.8.2 or later.
Risk factor : High / CVSS Base Score : 7