Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1916 to the following vulnerability:

Name: CVE-2010-1916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1916
Assigned: 20100511
Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html
Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.

The upstream bug report [1] has links to patches to correct this issue.

[1] http://trac.xinha.org/ticket/1518
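The weakness described in the CVE text is that the backend's check of passed configuration depends on a secret whose location the request itself can name, so the hash no longer proves the configuration came from the server. The reader below is an added example and not Xinha's or Serendipity's code: it keeps the secret server-side, binds the passed configuration to the plugin name with an HMAC, refuses outright any request that carries a key-location field, and accepts only plugins and option keys on an allowlist. The field names backend_config_plugin and backend_config, the allowlist contents and the demo secret are constructed for this example; backend_config_hash and backend_config_secret_key_location are the parameter names from the CVE description.

```python
import hashlib
import hmac
import json

# Constructed demo secret. In a real deployment the secret is read from
# server-side configuration that the request can never name or influence.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"

# Allowlist of plugins and the option keys a page may pass for each one
# (hypothetical names, not Xinha's real option set).
ALLOWED_CONFIG = {
    "ImageManager": {"images_dir", "allow_upload"},
    "Linker": {"base_url"},
}

# Request fields the hardened reader refuses to honour at all: with a
# server-held secret, a client has no legitimate reason to say where it lives.
FORBIDDEN_FIELDS = {"backend_config_secret_key_location", "backend_data[key_location]"}


def canonical(config):
    """Deterministic encoding so the HMAC covers exactly one byte sequence per config."""
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode()


def sign_config(plugin, config, secret=SERVER_SECRET):
    """Server side: produce the tag the page embeds next to the passed config.

    The plugin name is part of the signed message, so a tag issued for one
    plugin's configuration cannot be replayed against another plugin.
    """
    msg = plugin.encode() + b"\0" + canonical(config)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_request(plugin, config, secret=SERVER_SECRET):
    """What the page-generating side emits for the editor backend (constructed shape)."""
    return {
        "backend_config_plugin": plugin,
        "backend_config": json.dumps(config),
        "backend_config_hash": sign_config(plugin, config, secret),
    }


def read_passed_config(params, secret=SERVER_SECRET):
    """Backend side: return (plugin, config) if the passed data is acceptable, else None."""
    # Any attempt to steer where the secret is read from is rejected before anything else.
    if FORBIDDEN_FIELDS.intersection(params):
        return None
    plugin = params.get("backend_config_plugin")
    raw = params.get("backend_config")
    tag = params.get("backend_config_hash")
    if not all(isinstance(v, str) for v in (plugin, raw, tag)):
        return None
    # Only known plugins, and only their known option keys, may be configured this way.
    if plugin not in ALLOWED_CONFIG:
        return None
    try:
        config = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(config, dict) or not set(config) <= ALLOWED_CONFIG[plugin]:
        return None
    # Recompute the tag with the server-held secret and compare in constant time.
    expected = sign_config(plugin, config, secret)
    if not hmac.compare_digest(expected, tag):
        return None
    return plugin, config


if __name__ == "__main__":
    req = build_request("ImageManager", {"images_dir": "/var/www/images", "allow_upload": False})
    print("valid request   :", read_passed_config(req))
    tampered = dict(req, backend_config='{"images_dir": "/var/www/images", "allow_upload": true}')
    print("tampered config :", read_passed_config(tampered))
    steered = dict(req, backend_config_secret_key_location="/tmp/anything")
    print("key-location set:", read_passed_config(steered))
```

The two properties that matter here are that the verifier never consults a client-chosen path for the secret, and that the tag is an HMAC over the plugin name plus a canonical encoding of the options, so neither the plugin nor any option can be swapped after signing; the allowlist additionally keeps options such as upload directories out of reach of page-supplied configuration even when a tag does verify.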
Created xinha tracking bugs for this issue

Affects: fedora-all [bug 591702]
xinha-0.96.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/xinha-0.96.1-1.fc12
xinha-0.96.1-2.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xinha-0.96.1-2.fc13
xinha-0.96.1-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
xinha-0.96.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.