S9Y » Serendipity : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 7
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
Max CVSS
7.5
EPSS Score
1.15%
Published
2006-05-20
Updated
2011-03-08
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.54%
Published
2006-04-20
Updated
2008-09-05
2 vulnerabilities found