Vulnerabilities > S9Y

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-1000129 SQL Injection vulnerability in S9Y Serendipity 2.0.3
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
network
low complexity
s9y CWE-89
7.5
2017-04-24 CVE-2017-8102 Cross-site Scripting vulnerability in S9Y Serendipity 2.1
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user.
network
low complexity
s9y CWE-79
5.4
2017-04-24 CVE-2017-8101 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
network
low complexity
s9y CWE-352
8.8
2017-01-28 CVE-2017-5609 SQL Injection vulnerability in S9Y Serendipity 2.0.5
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
network
low complexity
s9y CWE-89
8.8
2017-01-14 CVE-2017-5476 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
network
low complexity
s9y CWE-352
8.8
2017-01-14 CVE-2017-5475 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
network
low complexity
s9y CWE-352
8.8
2017-01-14 CVE-2017-5474 Open Redirect vulnerability in S9Y Serendipity
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
network
low complexity
s9y CWE-601
6.1
2016-12-30 CVE-2016-10082 Improper Access Control vulnerability in S9Y Serendipity
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
network
low complexity
s9y CWE-284
critical
9.8
2016-12-25 CVE-2016-9681 Cross-site Scripting vulnerability in S9Y Serendipity
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
network
low complexity
s9y CWE-79
5.4
2016-12-01 CVE-2016-9752 Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
network
low complexity
s9y CWE-918
8.6