7.5
CVSSv2

CVE-2012-2762

Published: 07/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote malicious users to execute arbitrary SQL commands via the url parameter to comment.php.

Affected Products

Vendor Product Versions
S9ySerendipity0.3, 0.4, 0.7, 0.7.1, 0.8, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.9, 0.9.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.3, 1.3.1, 1.4, 1.4.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1

Mailing Lists

Serendipity version 161 suffers from a remote SQL injection vulnerability ...