Shodan
Vulnerabilities
Vulnerable Software
S9y:  >> Serendipity  Security Vulnerabilities
CVE-2011-1135
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-11-05
CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-05-24
CVE-2019-11870
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-05-09
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-01-16
CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-17
CVE-2017-8101
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-04-24
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-24
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-01-28
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-14
CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-01-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved