35 matches found
GHSA-458G-Q4FH-MJ6R Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header
Summary: Serendipity inserts `$_SERVER['HTTP_HOST']` directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...
📄 Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit. Title: Serendipity 2.5.0 PHP Code Injection Vulnerability | Author: indoushka ...
CVE-2005-1449
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact...
EUVD-2010-2961
Malware in sbrugna...
EUVD-2012-2325
Malware in sbrugna...
EUVD-2020-3365
Malware in sbrugna...
EUVD-2012-2742
Malware in sbrugna...
EUVD-2016-10553
Malware in sbrugna...
EUVD-2016-1746
Malware in sbrugna...
EUVD-2005-1452
Malware in sbrugna...
EUVD-2015-2387
Malware in sbrugna...
EUVD-2004-2149
Malware in sbrugna...
EUVD-2015-8481
Malware in sbrugna...
EUVD-2006-2495
Malware in sbrugna...
EUVD-2005-1714
Malware in sbrugna...
CVE-2010-2957
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-5670
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter...
CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure...
CVE-2013-5314
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter...