First published: Fri Dec 30 2016
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Serendipity (S9Y) Freetag Event | <=2.0.5 |
CVE-2016-10082 is rated as a critical vulnerability that can lead to file inclusion and potential code execution.
To fix CVE-2016-10082, upgrade to Serendipity version 2.0.6 or later, which addresses the vulnerability.
CVE-2016-10082 affects users running Serendipity versions up to and including 2.0.5.
CVE-2016-10082 allows file inclusion that can lead to code execution during installation.
CVE-2016-10082 was reported in 2016 and affects Serendipity through 2.0.5.
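
The root cause described above is a request-supplied `dbType` value reaching `include()` unchecked. The sketch below is an added example, not Serendipity's code or its 2.0.6 patch, showing the usual mitigation: resolve the value against a fixed allowlist and confirm the resulting file sits in the expected directory before including it. The function name `resolveDbDriver`, the allowlist entries, and the `<name>.inc.php` layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not Serendipity source. Driver names and the
// directory layout below are assumptions made for this example.
const ALLOWED_DB_TYPES = ['mysqli', 'postgres', 'sqlite3'];

/**
 * Map a request-supplied dbType to a driver file inside $driverDir.
 * Returns the resolved path, or null when the value must be rejected.
 */
function resolveDbDriver($dbType, string $driverDir): ?string
{
    // Reject non-strings (e.g. array-valued parameters) and anything not on
    // the fixed allowlist. Strict comparison avoids PHP type juggling.
    if (!is_string($dbType) || !in_array($dbType, ALLOWED_DB_TYPES, true)) {
        return null;
    }

    // Defence in depth: the resolved file must exist and sit directly in
    // the driver directory, so a symlink or stray entry cannot redirect it.
    $base = realpath($driverDir);
    $path = realpath($driverDir . '/' . $dbType . '.inc.php');
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway driver directory and constructed sample values.
$dir = sys_get_temp_dir() . '/dbtype_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/mysqli.inc.php', "<?php // stub driver\n");

$samples = ['mysqli', 'MySQLi', '../outside/file', "mysqli\0", ['mysqli'], 'postgres'];
foreach ($samples as $value) {
    $resolved = resolveDbDriver($value, $dir);
    $verdict  = $resolved === null ? 'rejected' : 'include ' . basename($resolved);
    printf("%-22s => %s\n", json_encode($value), $verdict);
}

unlink($dir . '/mysqli.inc.php');
rmdir($dir);
```

Only the exact string `mysqli` resolves in the demo; `postgres` is on the allowlist but is rejected because no such driver file exists in the constructed directory.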