CVE-2017-5609
https://notcve.org/view.php?id=CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
• http://www.securityfocus.com/bid/95850 https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6 https://github.com/s9y/Serendipity/releases/tag/2.1-rc1
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
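The entry names the sink (a query in include/functions_entries.inc.php) and the source (the cat request parameter) but not the code. The script below is an added illustration of that bug class, not Serendipity's code and not the linked fix: a category filter that splices cat into an IN (...) clause, beside one that validates the value as a list of integers and binds them. The table, column and function names, the ';' list separator, and the use of an in-memory SQLite database via PDO (pdo_sqlite assumed available) are all assumptions made for the demo.

```php
<?php
// Added illustration, not Serendipity's code: a simplified category filter
// modelled on the CVE description. Table, columns and function names are invented.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT, categoryid INTEGER, isdraft INTEGER)');
$db->exec("INSERT INTO entries (title, categoryid, isdraft) VALUES
    ('Public post', 1, 0),
    ('Other category', 2, 0),
    ('Unpublished draft', 1, 1)");

// Vulnerable pattern: the request value is concatenated straight into the statement.
function fetchEntriesVulnerable(PDO $db, string $cat): array
{
    $sql = "SELECT title FROM entries WHERE isdraft = 0 AND categoryid IN ($cat)";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only a ';'-separated list of integers (separator is an
// assumption for this demo), then bind each id as a parameter.
function fetchEntriesSafe(PDO $db, string $cat): array
{
    $ids = [];
    foreach (explode(';', $cat) as $part) {
        $part = trim($part);
        if (!preg_match('/^\d+$/', $part)) {
            throw new InvalidArgumentException("invalid category id: $part");
        }
        $ids[] = (int) $part;
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT title FROM entries WHERE isdraft = 0 AND categoryid IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a legitimate category id and a payload that closes the
// IN (...) list, appends OR 1=1, and comments out the rest of the statement.
$benign  = '1';
$payload = '1) OR 1=1 --';

print_r(fetchEntriesVulnerable($db, $benign));
print_r(fetchEntriesVulnerable($db, $payload));
print_r(fetchEntriesSafe($db, $benign));
try {
    fetchEntriesSafe($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Run with the PHP CLI. The vulnerable query returns only the public post for the benign value but every row, including the draft, for the payload, because `isdraft = 0 AND categoryid IN (1) OR 1=1 --)` short-circuits the draft filter. The hardened version rejects the payload before any SQL is built; the fix actually shipped upstream is the commit linked in the entry, which this demo does not reproduce.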
CVE-2017-5475
https://notcve.org/view.php?id=CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
• http://www.securityfocus.com/bid/95656 https://github.com/s9y/Serendipity/issues/439
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-5476
https://notcve.org/view.php?id=CVE-2017-5476
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
• http://www.securityfocus.com/bid/95659 https://github.com/s9y/Serendipity/issues/439
• CWE-352: Cross-Site Request Forgery (CSRF)
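CVE-2017-5475 (comment deletion) and CVE-2017-5476 (plugin installation) are the same defect: a state-changing admin action that is performed for any request carrying the administrator's session cookie, so a page the admin merely visits can trigger it. The script below is an added illustration of that pattern and its usual fix, not Serendipity's code: a delete action without any request-origin check beside one that requires POST and a per-session token compared with hash_equals. The action, parameter names and the array standing in for $_SESSION are assumptions; the same guard applies unchanged to a plugin-install action.

```php
<?php
// Added illustration, not Serendipity's code. $session stands in for $_SESSION,
// $comments for the comments table; both are constructed for the demo.
declare(strict_types=1);

$session  = [];
$comments = [7 => 'first comment', 8 => 'second comment'];

// Vulnerable: the action runs for any request that arrives with the admin's
// cookie, so <img src="https://blog.example.org/comment.php?action=delete&id=7">
// on an attacker page is enough.
function deleteCommentVulnerable(array &$comments, array $request): string
{
    $id = (int) ($request['id'] ?? 0);
    unset($comments[$id]);
    return "deleted $id";
}

// Hardened: issue a random secret once per session and render it into the
// admin's own form as a hidden field; a cross-site page cannot read it.
function issueCsrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function deleteCommentSafe(array &$comments, array &$session, string $method, array $post): string
{
    if ($method !== 'POST') {
        return 'rejected: state change requires POST';
    }
    $expected = $session['csrf'] ?? '';
    $got      = (string) ($post['csrf_token'] ?? '');
    // hash_equals avoids leaking the token through comparison timing.
    if ($expected === '' || !hash_equals($expected, $got)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $id = (int) ($post['id'] ?? 0);
    unset($comments[$id]);
    return "deleted $id";
}

// Constructed traffic: a forged cross-site GET, a forged POST that guesses the
// token, and a legitimate POST submitted from the admin's own form.
echo deleteCommentVulnerable($comments, ['id' => 7]), "\n";
echo deleteCommentSafe($comments, $session, 'GET', ['id' => 8]), "\n";
echo deleteCommentSafe($comments, $session, 'POST', ['id' => 8, 'csrf_token' => 'guess']), "\n";
$token = issueCsrfToken($session);
echo deleteCommentSafe($comments, $session, 'POST', ['id' => 8, 'csrf_token' => $token]), "\n";
print_r($comments);
```

The forged requests remove comment 7 through the vulnerable handler and are refused by the hardened one; only the request carrying the session's token removes comment 8. Marking the session cookie SameSite=Lax or Strict is a worthwhile second layer, but it does not replace the token, since the affected versions predate that attribute and older clients ignore it.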
CVE-2017-5474
https://notcve.org/view.php?id=CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
• http://www.securityfocus.com/bid/95652 https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
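The Referer header is attacker-controlled whenever the attacker can make the victim's browser issue the request from a page they host, so echoing it into a Location header redirects the victim wherever the attacker likes. The script below is an added illustration of that sink and a same-origin check for it, not Serendipity's code and not the linked commit. The site hostname and the sample Referer values are constructed; note that the safe version rebuilds a relative target from the parsed components rather than trusting the raw string, which also defeats the userinfo, protocol-relative and backslash tricks shown in the test cases.

```php
<?php
// Added illustration, not Serendipity's code: a post-comment redirect that
// trusts Referer, beside one that only follows same-origin targets.
declare(strict_types=1);

const SITE_HOST = 'blog.example.org';   // assumed canonical host of this install

// Vulnerable: whatever the client sent as Referer becomes the Location header.
function redirectTargetVulnerable(array $server): string
{
    return $server['HTTP_REFERER'] ?? '/';
}

// Hardened: parse, require http(s) on our own host, then emit only the path
// and query so nothing from the original string reaches the Location header.
function redirectTargetSafe(array $server, string $fallback = '/'): string
{
    $parts = parse_url($server['HTTP_REFERER'] ?? '');
    if ($parts === false || empty($parts['host'])) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $fallback;              // javascript:, data:, etc.
    }
    if (strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return $fallback;              // foreign host (also catches user@host tricks)
    }
    // Browsers treat "/\" like "//", so normalise before checking for a
    // protocol-relative path that would still leave the site.
    $target = str_replace('\\', '/', $parts['path'] ?? '/');
    if ($target === '' || $target[0] !== '/' || strncmp($target, '//', 2) === 0) {
        return $fallback;
    }
    if (isset($parts['query'])) {
        $target .= '?' . $parts['query'];
    }
    return $target;
}

// Constructed Referer values: legitimate, phishing host, userinfo trick,
// protocol-relative path, backslash variant, and a javascript: scheme.
$cases = [
    'https://blog.example.org/archives/12-hello.html?foo=1',
    'https://phish.example.net/login',
    'https://blog.example.org@phish.example.net/',
    'https://blog.example.org//phish.example.net/',
    'https://blog.example.org/\\phish.example.net/',
    'javascript:alert(1)',
];
foreach ($cases as $ref) {
    $server = ['HTTP_REFERER' => $ref];
    printf("Referer: %s\n  vulnerable -> %s\n  safe       -> %s\n",
        $ref, redirectTargetVulnerable($server), redirectTargetSafe($server));
}
```

Only the first case survives the hardened check, and it comes back as the relative path `/archives/12-hello.html?foo=1`; every other case falls back to `/`. The vulnerable function returns each Referer verbatim, which is exactly the phishing redirect the entry describes.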
CVE-2016-10082
https://notcve.org/view.php?id=CVE-2016-10082
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
• http://www.securityfocus.com/bid/95165 https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85 https://github.com/s9y/Serendipity/issues/433
• CWE-284: Improper Access Control
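A request value that reaches include() as part of a path lets the client pick which PHP file is executed; directory traversal moves the include outside the intended directory, and any file the attacker can get onto the host (an upload, a log, a temp file) with the expected suffix becomes code execution. The script below is an added illustration of that sink and an allowlist fix, not Serendipity's code and not the linked commit. The directory layout, the driver file names, the list of supported database types and the attacker file are all constructed in a temporary directory so the script runs stand-alone.

```php
<?php
// Added illustration, not Serendipity's code: an installer that builds an
// include() path from the dbType request value, beside an allowlisted version.
declare(strict_types=1);

// Constructed demo tree: one legitimate driver and one attacker-placed file
// two directories up (stands in for an upload or other writable location).
$root = sys_get_temp_dir() . '/s9y-demo-' . bin2hex(random_bytes(4));
mkdir("$root/include/db", 0700, true);
file_put_contents("$root/include/db/mysql.inc.php", "<?php return 'mysql driver loaded';\n");
file_put_contents("$root/evil.inc.php", "<?php return 'attacker file executed';\n");

// Assumed allowlist; a real installer would enumerate the drivers it ships.
const SUPPORTED_DB_TYPES = ['mysql', 'mysqli', 'pdo-postgres', 'pdo-sqlite', 'sqlite3'];

// Vulnerable: the request value is spliced into the path unchanged, so
// "../../evil" resolves to $root/evil.inc.php and is executed.
function loadDbDriverVulnerable(string $root, string $dbType): string
{
    return include "$root/include/db/{$dbType}.inc.php";
}

// Hardened: exact-match allowlist first, then confirm the resolved path is
// still inside the driver directory before including it.
function loadDbDriverSafe(string $root, string $dbType): string
{
    if (!in_array($dbType, SUPPORTED_DB_TYPES, true)) {
        throw new InvalidArgumentException("unsupported dbType: $dbType");
    }
    $base = realpath("$root/include/db");
    $path = realpath("$base/{$dbType}.inc.php");
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("driver file missing or outside $base");
    }
    return include $path;
}

$benign  = 'mysql';
$payload = '../../evil';   // constructed traversal payload for the dbType field

echo loadDbDriverVulnerable($root, $benign), "\n";
echo loadDbDriverVulnerable($root, $payload), "\n";
echo loadDbDriverSafe($root, $benign), "\n";
try {
    loadDbDriverSafe($root, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Remove the demo tree.
unlink("$root/include/db/mysql.inc.php");
unlink("$root/evil.inc.php");
rmdir("$root/include/db");
rmdir("$root/include");
rmdir($root);
```

The vulnerable loader executes the attacker's file for the traversal payload; the hardened one never touches the filesystem for a value outside the allowlist, and the realpath containment check is a second guard in case the allowlist is ever widened to something that could contain path separators. Since the entry says this is reachable during a first-time installation, the practical mitigation for operators is the usual one: never leave an installer reachable on a public host, and remove or lock it down once setup is done.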