Red Hat Bugzilla – Bug 591701
CVE-2010-1916 xinha: access restriction bypass [MOPS 2010-020]
Last modified: 2011-06-15 18:37:43 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1916 to
the following vulnerability:
Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html
Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2
and earlier, as used in Serendipity 1.5.2 and earlier, allows remote
attackers to bypass intended access restrictions and modify the
configuration of arbitrary plugins via (1) crafted
backend_config_secret_key_location and backend_config_hash parameters
that are used in a SHA1 hash of a shared secret that can be known or
externally influenced, which are not properly handled by the
"Deprecated config passing" feature; or (2) crafted backend_data and
backend_data[key_location] variables, which are not properly handled
by the xinha_read_passed_data function. NOTE: this can be leveraged to
upload and possibly execute arbitrary files via config.inc.php in the
The upstream bug report has links to patches to correct this issue.
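The weakness class behind vector (1) above, modelled in Python as an added illustration. This is not Xinha's own code (which is PHP) and not taken from the upstream patches: the file paths, the JSON serialisation of the configuration, the in-memory file table and the function names are all constructed for the example. The vulnerable half lets the client name where the shared secret is read from and supplies the hash over it; an attacker who picks a file whose contents they already know (or that does not exist) can compute a valid hash for any configuration they like. Vector (2) is the same mistake with the key location carried inside backend_data instead of a separate parameter. The hardened half fixes the secret's location server-side, uses a keyed MAC instead of a plain hash of secret||data, and compares in constant time.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed in-memory stand-in for files the web server can read (assumed
# paths and contents for this illustration, not anything from Xinha).
FAKE_FS = {
    "/srv/app/secret.txt": "s3rv3r-only-secret",   # the real shared secret
    "/srv/app/README": "",                         # a file with known contents
}

# Fixed, server-controlled location of the secret used by the hardened check.
SERVER_SECRET_PATH = "/srv/app/secret.txt"


def read_file(path: str) -> str:
    """Unknown paths read as empty, so an attacker who names a non-existent
    file already 'knows' its contents."""
    return FAKE_FS.get(path, "")


def vulnerable_accept(request: dict) -> Optional[dict]:
    """Weak scheme: the client chooses where the secret is read from and
    supplies the hash, so the check only proves the client knows the contents
    of the file *it* selected. Returns the accepted config, or None."""
    secret = read_file(request["backend_config_secret_key_location"])
    expected = hashlib.sha1((secret + request["backend_data"]).encode()).hexdigest()
    if expected == request["backend_config_hash"]:
        return json.loads(request["backend_data"])
    return None


def forge_request(config: dict) -> dict:
    """Attacker side: point the server at a file with known (empty) contents
    and compute the matching hash for an arbitrary plugin configuration."""
    data = json.dumps(config)
    key_location = "/srv/app/README"
    digest = hashlib.sha1((read_file(key_location) + data).encode()).hexdigest()
    return {
        "backend_config_secret_key_location": key_location,
        "backend_config_hash": digest,
        "backend_data": data,
    }


def server_sign(config: dict) -> dict:
    """Legitimate server-side signing: HMAC-SHA256 under the server's own
    secret over the serialised configuration."""
    data = json.dumps(config)
    secret = read_file(SERVER_SECRET_PATH).encode()
    tag = hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()
    return {"backend_data": data, "backend_config_hash": tag}


def hardened_accept(request: dict) -> Optional[dict]:
    """Hardened scheme: the client-supplied key location is ignored, the
    secret comes from a fixed server-side path, the tag is a keyed MAC rather
    than sha1(secret||data), and the comparison is constant-time."""
    secret = read_file(SERVER_SECRET_PATH).encode()
    tag = hmac.new(secret, request["backend_data"].encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(tag, request.get("backend_config_hash", "")):
        return json.loads(request["backend_data"])
    return None


if __name__ == "__main__":
    wanted = {"plugin": "ImageManager", "allow_upload": True}
    forged = forge_request(wanted)
    print("vulnerable check accepts forged config:", vulnerable_accept(forged) == wanted)
    print("hardened check accepts forged config:", hardened_accept(forged) is not None)
    print("hardened check accepts server-signed config:",
          hardened_accept(server_sign(wanted)) == wanted)
```

The point of the hardened version is not the hash algorithm but who controls the key material: as long as the server reads its secret from a location the client cannot influence, a keyed MAC over the passed data cannot be produced by a remote attacker, and the client-supplied location parameter becomes irrelevant.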
Created xinha tracking bugs for this issue
Affects: fedora-all [bug 591702]
xinha-0.96.1-1.fc12 has been submitted as an update for Fedora 12.
xinha-0.96.1-2.fc13 has been submitted as an update for Fedora 13.
xinha-0.96.1-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
xinha-0.96.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.