
CVE-2012-2331 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2012-2331
13 Aug 2012 — Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). • https://www.exploit-db.com/exploits/18884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2332 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2012-2332
13 Aug 2012 — SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). • https://www.exploit-db.com/exploits/18884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-2762
https://notcve.org/view.php?id=CVE-2012-2762
07 Jun 2012 — SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. • http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')