S9y: >> Serendipity >> 2.0.5 Security Vulnerabilities
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
CVSS Score
9.8
EPSS Score
0.038
Published
2020-03-25
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-05-09
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-04-24
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-01-28
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-14
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-14
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-14
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
CVSS Score
9.8
EPSS Score
0.016
Published
2016-12-30