Vulnerabilities > CVE-2016-9752 - Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
s9y
CWE-918

Summary

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

Common Weakness Enumeration (CWE)