Serendipity - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Serendipity
(S9y)

Repositories	https://github.com/s9y/Serendipity
#Vulnerabilities	53

Date	Id	Summary	Products	Score	Patch	Annotated
2006-04-20	CVE-2006-1910	config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	Serendipity	N/A
2005-10-04	CVE-2005-3129	Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.	Serendipity	N/A
2005-05-24	CVE-2005-1713	Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.	Serendipity	N/A
2005-05-03	CVE-2005-1452	Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."	Serendipity	N/A
2005-05-03	CVE-2005-1451	The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.	Serendipity	N/A
2005-05-03	CVE-2005-1450	Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.	Serendipity	N/A
2005-05-03	CVE-2005-1449	Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.	Serendipity	N/A
2005-05-03	CVE-2005-1448	Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.	Serendipity	N/A
2005-04-13	CVE-2005-1134	SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.	Serendipity	N/A
2004-12-31	CVE-2004-2525	Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.	Serendipity	N/A