S9y: Security Vulnerabilities
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
CVSS Score: 9.8 | EPSS Score: 0.05 | Published: 2019-11-05
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-11-05
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-05-24
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-05-09
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-01-16
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-11-17
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-04-24
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-04-24
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS Score: 8.8 | EPSS Score: 0.01 | Published: 2017-01-28
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-01-14

