Lucene search

S9y Serendipity

10 matches found

CVE
added 2012/06/07 7:55 p.m., 52 views

CVE-2012-2762

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

CVSS: 7.5, AI score: 8.4, EPSS: 0.00717
CVE
added 2005/04/16 4:0 a.m., 44 views

CVE-2005-1134

SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.

CVSS: 7.5, AI score: 8.4, EPSS: 0.02264
CVE
added 2010/05/12 11:46 a.m., 44 views

CVE-2010-1916

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backen...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00708
CVE
added 2005/07/10 4:0 a.m., 39 views

CVE-2004-2158

SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.

CVSS: 7.5, AI score: 8.4, EPSS: 0.02658
CVE
added 2005/05/03 4:0 a.m., 36 views

CVE-2005-1450

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.

CVSS: 7.5, AI score: 7, EPSS: 0.00527
CVE
added 2012/08/13 11:55 p.m., 36 views

CVE-2012-2332

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).

CVSS: 7.5, AI score: 8.5, EPSS: 0.01325
CVE
added 2017/11/17 5:29 a.m., 36 views

CVE-2017-1000129

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure.

CVSS: 7.5, AI score: 7.5, EPSS: 0.00315
CVE
added 2006/04/20 6:6 p.m., 35 views

CVE-2006-1910

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS: 7.5, AI score: 6.6, EPSS: 0.00763
CVE
added 2006/05/20 3:2 a.m., 32 views

CVE-2006-2495

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

CVSS: 7.5, AI score: 6.8, EPSS: 0.00717
CVE
added 2005/05/03 4:0 a.m., 30 views

CVE-2005-1451

The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.

CVSS: 7.5, AI score: 7.8, EPSS: 0.00717