7.5
HIGH

CVE-2012-2762

Published: 07/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

Vulnerability Summary

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor | Product | Versions
S9y | Serendipity | 0.3, 0.4, 0.7, 0.7.1, 0.8, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.9, 0.9.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.3, 1.3.1, 1.4, 1.4.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1
