CVE-2007-4282 | Vulnerability Database | Aqua Security

The Extended properties for entries (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and deliver custom entryproperties settings to the Serendipity Frontend via a certain request that modifies the password being checked.

Affected Software

Name	Vendor	Start Version	End Version
Serendipity	Serendipity	1.1.3 (including)	1.1.3 (including)
Serendipity	Ubuntu	feisty	*

References

http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html
http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html
http://osvdb.org/36534
http://secunia.com/advisories/26347
http://sourceforge.net/forum/forum.php?forum_id=722867
http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716
http://www.securityfocus.com/bid/25235
https://exchange.xforce.ibmcloud.com/vulnerabilities/35868
http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html
http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html
http://osvdb.org/36534
http://secunia.com/advisories/26347
http://sourceforge.net/forum/forum.php?forum_id=722867
http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716
http://www.securityfocus.com/bid/25235
https://exchange.xforce.ibmcloud.com/vulnerabilities/35868

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4282
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html