Shodan
Vulnerabilities
Vulnerable Software
S9y:  >> Serendipity  Security Vulnerabilities
CVE-2017-8101
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-04-24
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-24
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-01-28
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-14
CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-14
CVE-2017-5476
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-14
CVE-2016-10082
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
CVSS Score
9.8
EPSS Score
0.016
Published
2016-12-30
CVE-2016-9681
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-12-25
CVE-2016-9752
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVSS Score
8.6
EPSS Score
0.002
Published
2016-12-01
CVE-2015-8603
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2016-01-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved