
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

References: http://www.securityfocus.com/bid/95656 , https://github.com/s9y/Serendipity/issues/439
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

References: http://www.securityfocus.com/bid/95652 , https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd
Weakness: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

References: http://www.securityfocus.com/bid/95165 , https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85 , https://github.com/s9y/Serendipity/issues/433
Weakness: CWE-284: Improper Access Control