S9Y » Serendipity : Security Vulnerabilities (SQL Injection)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-1000129 |
89 |
|
Sql |
2017-11-17 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure |
2 |
CVE-2017-5609 |
89 |
|
Exec Code Sql |
2017-01-28 |
2019-03-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. |
3 |
CVE-2015-6943 |
89 |
|
Exec Code Sql |
2015-09-15 |
2016-12-22 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. |
4 |
CVE-2012-2762 |
89 |
|
Exec Code Sql |
2012-06-07 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. |
5 |
CVE-2012-2332 |
89 |
|
Exec Code Sql CSRF |
2012-08-13 |
2012-08-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). |
6 |
CVE-2005-1134 |
|
|
Exec Code Sql |
2005-04-13 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. |
7 |
CVE-2004-2158 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. |
Total number of vulnerabilities :
7
Page :
1
(This Page)