Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serendipity vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-5475
comment.php in Serendipity up to and including 2.0.5 allows CSRF in deleting any comments.
S9y Serendipity
NA
CVE-2015-2289
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity prior to 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
S9y Serendipity
NA
CVE-2005-3129
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and previous versions allows remote malicious users to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
S9y Serendipity
6.1
CVSSv3
CVE-2011-4090
Serendipity prior to 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
S9y Serendipity
1 EDB exploit
8.8
CVSSv3
CVE-2017-5476
Serendipity up to and including 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
S9y Serendipity
NA
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote malicious users to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
S9y Serendipity 1.0 Beta2
NA
CVE-2005-1712
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
Sy9 Serendipity 0.8
9.8
CVSSv3
CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote malicious users to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
S9y Serendipity 2.0.3
7.5
CVSSv3
CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
S9y Serendipity 2.0.3
NA
CVE-2011-3800
Serendipity 1.5.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
S9y Serendipity 1.5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »