Product:

Serendipity

(S9y)
Repositories https://github.com/s9y/Serendipity
#Vulnerabilities 53
Date Id Summary Products Score Patch Annotated
2017-01-28 CVE-2017-5609 SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. Serendipity 8.8
2017-01-14 CVE-2017-5476 Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. Serendipity 8.8
2017-01-14 CVE-2017-5475 comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. Serendipity 8.8
2017-01-14 CVE-2017-5474 Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. Serendipity 6.1
2017-11-17 CVE-2017-1000129 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure Serendipity 7.5
2016-12-01 CVE-2016-9752 In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. Serendipity 8.6
2016-12-25 CVE-2016-9681 Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. Serendipity 5.4
2019-01-16 CVE-2016-10737 Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. Serendipity 5.4
2016-12-30 CVE-2016-10082 include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. Serendipity 9.8
2016-01-12 CVE-2015-8603 Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php. Serendipity 5.4