Lucene search
K

Serendipity <= 2.0.5 Multiple Vulnerabilities

🗓️ 30 Jan 2017 00:00:00Reported by Copyright (C) 2017 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 22 Views

Serendipity <= 2.0.5 Multiple Vulnerabilities, insufficient CSRF protection, open redirect, SQL injectio

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
Serendipity Cross-Site Request Forgery Vulnerability
16 Jan 201700:00
cnvd
CNVD
Serendipity Cross-Site Request Forgery Vulnerability (CNVD-2017-00771)
16 Jan 201700:00
cnvd
CNVD
Serendipity Open Redirect Vulnerability
16 Jan 201700:00
cnvd
CNVD
Serendipity include/functions_entries.inc.php SQL Injection Vulnerability
6 Feb 201700:00
cnvd
CVE
CVE-2017-5474
14 Jan 201706:56
cve
CVE
CVE-2017-5475
14 Jan 201706:56
cve
CVE
CVE-2017-5476
14 Jan 201706:56
cve
CVE
CVE-2017-5609
28 Jan 201718:00
cve
Cvelist
CVE-2017-5474
14 Jan 201706:56
cvelist
Cvelist
CVE-2017-5475
14 Jan 201706:56
cvelist
Rows per page
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:s9y:serendipity";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108060");
  script_version("2026-04-17T15:51:27+0000");
  script_cve_id("CVE-2017-5474", "CVE-2017-5475", "CVE-2017-5476", "CVE-2017-5609");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2026-04-17 15:51:27 +0000 (Fri, 17 Apr 2026)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-03-19 15:12:00 +0000 (Tue, 19 Mar 2019)");
  script_tag(name:"creation_date", value:"2017-01-30 11:00:00 +0100 (Mon, 30 Jan 2017)");
  script_name("Serendipity <= 2.0.5 Multiple Vulnerabilities");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_serendipity_http_detect.nasl");
  script_mandatory_keys("serendipity/detected");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/95652");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/95656");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/95659");
  script_xref(name:"URL", value:"https://blog.s9y.org/archives/272-Serendipity-2.1-First-Release-Candidate.html");

  script_tag(name:"summary", value:"Serendipity is prone to multiple vulnerabilities because of
  insufficient CSRF protection / sanitized user-supplied input.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to:

  - Cross-site request forgery (CSRF) for the installation of an event plugin or a sidebar plugin

  - Cross-site request forgery (CSRF) in deleting any comments

  - Open redirect vulnerability in comment.php

  - SQL injection vulnerability in include/functions_entries.inc.php");

  script_tag(name:"impact", value:"Successfully exploiting these issues allows remote attacker to:

  - redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header

  - perform certain unauthorized actions and gain access to the affected application

  - execute arbitrary SQL commands via the cat parameter

  Other attacks are also possible.");

  script_tag(name:"affected", value:"Serendipity versions up to 2.0.5.");

  script_tag(name:"solution", value:"Update to version 2.1-rc1 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less_equal( version:vers, test_version:"2.0.5" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"2.1-rc1 or later" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Apr 2026 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 26.8
CVSS 38.8
EPSS0.01619
22