CVE-2007-4282 - OpenCVE

The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Serendipity	Serendipity

Configuration 1 [-]

cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html
http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html
http://osvdb.org/36534
http://secunia.com/advisories/26347
http://sourceforge.net/forum/forum.php?forum_id=722867
http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716
http://www.securityfocus.com/bid/25235
https://exchange.xforce.ibmcloud.com/vulnerabilities/35868

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-09T21:00:00

Updated: 2024-08-07T14:46:39.677Z

Reserved: 2007-08-09T00:00:00

Link: CVE-2007-4282

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-09T21:17:00.000

Modified: 2023-11-07T02:01:00.707

Link: CVE-2007-4282

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25235", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25235"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"name": "26347", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26347"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"name": "36534", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36534"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"}, {"name": "serendipity-extendedprop-security-bypass(35868)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25235"}, {"name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html", "refsource": "MISC", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"name": "26347", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26347"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"name": "36534", "refsource": "OSVDB", "url": "http://osvdb.org/36534"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=722867", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html", "refsource": "CONFIRM", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html"}, {"name": "serendipity-extendedprop-security-bypass(35868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.677Z"}, "title": "CVE Program Container", "references": [{"name": "25235", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25235"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"name": "26347", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26347"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"name": "36534", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36534"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"}, {"name": "serendipity-extendedprop-security-bypass(35868)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4282", "datePublished": "2007-08-09T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2024-08-07T14:46:39.677Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."}, {"lang": "es", "value": "La extensi\u00f3n de \"Propiedades extendidas de entrada\" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar la protecci\u00f3n de la contrase\u00f1a y \"establecer una configuraci\u00f3n de las entryproperties a medida en el Serendipity Frontend\" a trav\u00e9s de ciertas peticiones que modifican si la contrase\u00f1a ha sido validada."}], "id": "CVE-2007-4282", "lastModified": "2023-11-07T02:01:00.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-09T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"}, {"source": "cve@mitre.org", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36534"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26347"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25235"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}