Ubuntu.comUB:CVE-2015-6943CVE-2015-6943
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
Percentile
67.9%
SQL injection vulnerability in the serendipity_checkCommentToken function
in include/functions_comments.inc.php in Serendipity before 2.0.2, when
“Use Tokens for Comment Moderation” is enabled, allows remote
administrators to execute arbitrary SQL commands via the serendipity[id]
parameter to serendipity_admin.php.
References
blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html
blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html
packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html
seclists.org/fulldisclosure/2015/Sep/10
launchpad.net/bugs/cve/CVE-2015-6943
nvd.nist.gov/vuln/detail/CVE-2015-6943
security-tracker.debian.org/tracker/CVE-2015-6943
www.cve.org/CVERecord?id=CVE-2015-6943
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
Percentile
67.9%