CVE-2016-10752
https://notcve.org/view.php?id=CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. En Serendipity versión 2.0.3, la función serendipity_moveMediaDirectory permite que los atacantes remotos carguen y ejecuten código PHP arbitrario, debido a un manejo inapropiado del nombre de archivo sin extensión durante un cambio de nombre, como lo demuestra "php" como un nombre de archivo. • https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution https://demo.ripstech.com/projects/serendipity_2.0.3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2019-11870
https://notcve.org/view.php?id=CVE-2019-11870
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. Serendipity, versiones anteriores a 2.1.5, es vulnerable a un ataque XSS a través de datos EXIF que son gestionados de manera incorrecta en las plantillas/2k11/admin/media_choose.tpl o en las plantillas/2k11/admin/media_items.tpl de la funcionalidad Media Library. • http://www.openwall.com/lists/oss-security/2019/05/10/1 https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html https://github.com/s9y/Serendipity/issues/598 https://www.openwall.com/lists/oss-security/2019/05/03/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10737
https://notcve.org/view.php?id=CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. Serendipity 2.0.4 tiene Cross-Site Scripting (XSS) mediante el parámetro serendipity[body] en serendipity_admin.php. • https://www.exploit-db.com/exploits/40650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1000129
https://notcve.org/view.php?id=CVE-2017-1000129
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure Serendipity 2.0.3 es vulnerable a una inyección de SQL en el componente blog, lo que resulta en una divulgación de información. • https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-8102
https://notcve.org/view.php?id=CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin. XSS almacenado en Serendipity v2.1-rc1 permite a un atacante robar una cookie de un administrador y otra información componiendo una nueva entrada como un usuario editor. Esto está relacionado con la falta del plugin serendipity_event_xsstrust plugin y un error set_config en ese plugin. • http://seclists.org/fulldisclosure/2017/Apr/44 https://github.com/s9y/Serendipity/issues/456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •