S9Y : Security Vulnerabilities, CVEs, CVSS score >= 6
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-05-16
Updated
2023-05-23
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Max CVSS
9.8
EPSS Score
2.22%
Published
2020-03-25
Updated
2020-03-27
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-05-09
Updated
2019-05-10
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Max CVSS
7.5
EPSS Score
0.12%
Published
2017-11-17
Updated
2017-11-29
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-04-24
Updated
2017-04-27
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
Max CVSS
8.8
EPSS Score
0.14%
Published
2017-01-28
Updated
2019-03-19
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-01-14
Updated
2017-01-25
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-01-14
Updated
2017-01-25
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-01-14
Updated
2017-01-25
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
Max CVSS
9.8
EPSS Score
0.60%
Published
2019-05-24
Updated
2019-05-29
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
Max CVSS
9.8
EPSS Score
0.60%
Published
2016-12-30
Updated
2017-01-03
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
Max CVSS
8.6
EPSS Score
0.20%
Published
2016-12-01
Updated
2016-12-03
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Max CVSS
6.5
EPSS Score
0.36%
Published
2015-09-16
Updated
2015-09-16
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Max CVSS
6.0
EPSS Score
0.27%
Published
2015-09-15
Updated
2016-12-22
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
Max CVSS
7.5
EPSS Score
0.42%
Published
2012-06-07
Updated
2017-08-29
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Max CVSS
7.5
EPSS Score
3.31%
Published
2012-08-13
Updated
2012-08-14
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Max CVSS
6.1
EPSS Score
0.23%
Published
2019-11-26
Updated
2019-12-11
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
Max CVSS
6.1
EPSS Score
0.52%
Published
2020-01-22
Updated
2020-06-23
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Max CVSS
9.8
EPSS Score
1.34%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.
Max CVSS
7.5
EPSS Score
2.04%
Published
2010-05-12
Updated
2010-06-13
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
Max CVSS
6.0
EPSS Score
1.42%
Published
2009-12-24
Updated
2017-08-17
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
Max CVSS
7.5
EPSS Score
0.22%
Published
2009-09-24
Updated
2020-06-23
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.
Max CVSS
6.8
EPSS Score
3.25%
Published
2006-12-03
Updated
2017-10-19