CVE-2015-6968 - OpenCVE

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
S9y	Serendipity

Configuration 1 [-]

cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html
http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html
http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html
http://seclists.org/fulldisclosure/2015/Sep/6

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-16T14:00:00Z

Updated: 2024-09-16T16:27:59.320Z

Reserved: 2015-09-16T00:00:00Z

Link: CVE-2015-6968

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-09-16T14:59:10.150

Modified: 2015-09-16T19:48:20.000

Link: CVE-2015-6968

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-09-16T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20150902 Serendipity 2.0.1 - Code Execution", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Sep/6"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6968", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150902 Serendipity 2.0.1 - Code Execution", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Sep/6"}, {"name": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html", "refsource": "MISC", "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"}, {"name": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"}, {"name": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html", "refsource": "CONFIRM", "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:36:34.395Z"}, "title": "CVE Program Container", "references": [{"name": "20150902 Serendipity 2.0.1 - Code Execution", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Sep/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6968", "datePublished": "2015-09-16T14:00:00Z", "dateReserved": "2015-09-16T00:00:00Z", "dateUpdated": "2024-09-16T16:27:59.320Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D005EE-D639-44A8-9522-DED5F5099B6E", "versionEndIncluding": "2.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de lista negra incompleta en la funci\u00f3n serendipity_isActiveFile en include/functions_images.inc.php en Serendipity en versiones anteriores a 2.0.2, permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo con una extensi\u00f3n (1) .pht o (2) .phtml."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/434.html\">CWE-434: Unrestricted Upload of File with Dangerous Type</a>", "id": "CVE-2015-6968", "lastModified": "2015-09-16T19:48:20.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-16T14:59:10.150", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://seclists.org/fulldisclosure/2015/Sep/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}