Serendipity Security Vulnerabilities and Issues — Serendipity CVE List | Vulners.com

Lucene search

K

S9ySerendipity

6 matches found

CVE•added 2023/05/16 2:15 p.m.•121 views

CVE-2023-31576

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.

8.8CVSS8.7AI score0.00115EPSS

CVE•added 2017/04/24 6:59 p.m.•43 views

CVE-2017-8101

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

8.8CVSS8.5AI score0.00121EPSS

CVE•added 2017/01/14 7:59 a.m.•42 views

CVE-2017-5475

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

8.8CVSS8.7AI score0.00108EPSS

CVE•added 2017/01/14 7:59 a.m.•41 views

CVE-2017-5476

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

8.8CVSS8.7AI score0.00108EPSS

CVE•added 2017/01/28 6:59 p.m.•36 views

CVE-2017-5609

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

8.8CVSS8.8AI score0.01013EPSS

CVE•added 2016/12/01 11:59 a.m.•34 views

CVE-2016-9752

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

8.6CVSS8.5AI score0.00185EPSS