1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 41EXPL: 2
CVSS: 9.8EPSS: 0%CPEs: 41EXPL: 2CVE-2010-1916
https://notcve.org/view.php?id=CVE-2010-1916
12 May 2010 — The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backen... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html • CWE-264: Permissions, Privileges, and Access Controls •