Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Max CVSS
7.5
EPSS Score
0.11%
Published
2017-11-17
Updated
2017-11-29
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
Max CVSS
8.8
EPSS Score
0.14%
Published
2017-01-28
Updated
2019-03-19
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Max CVSS
6.0
EPSS Score
0.27%
Published
2015-09-15
Updated
2016-12-22
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
Max CVSS
7.5
EPSS Score
0.42%
Published
2012-06-07
Updated
2017-08-29
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Max CVSS
7.5
EPSS Score
2.83%
Published
2012-08-13
Updated
2012-08-14
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
Max CVSS
7.5
EPSS Score
0.80%
Published
2005-04-13
Updated
2017-07-11
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
Max CVSS
7.5
EPSS Score
0.91%
Published
2004-12-31
Updated
2017-07-11
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!