2 matches found
CVE-2005-1134
Serendipity (0.8 and earlier) is affected by an SQL injection in exit.php. The vulnerability allows remote attackers to inject arbitrary SQL via the url_id or entry_id parameters, risking data disclosure and modification. Root cause: unsafe handling of user-supplied input in SQL queries. CVSS2 ba...
Serendipity exit.php Multiple Parameter SQL Injection
The version of Serendipity installed on the remote host allows an attacker to pass arbitrary SQL code through the 'urlid' and 'entryid' parameters of the 'exit.php' script. These flaws may lead to the disclosure / modification of data or attacks against the underlying database application...