An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
Max CVSS
8.8
EPSS Score
0.07%
Published
2023-05-16
Updated
2023-05-23
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Max CVSS
9.8
EPSS Score
2.22%
Published
2020-03-25
Updated
2020-03-27
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-04-24
Updated
2017-04-27
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
Max CVSS
8.8
EPSS Score
0.14%
Published
2017-01-28
Updated
2019-03-19
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-01-14
Updated
2017-01-25
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-01-14
Updated
2017-01-25
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
Max CVSS
9.8
EPSS Score
0.43%
Published
2019-05-24
Updated
2019-05-29
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
Max CVSS
9.8
EPSS Score
0.60%
Published
2016-12-30
Updated
2017-01-03
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
Max CVSS
8.6
EPSS Score
0.20%
Published
2016-12-01
Updated
2016-12-03
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Max CVSS
9.8
EPSS Score
1.34%
Published
2019-11-05
Updated
2019-11-08
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
Max CVSS
10.0
EPSS Score
0.26%
Published
2005-05-03
Updated
2008-09-05
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-05-03
Updated
2008-09-05
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!