Vulnerabilities > S9Y > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-31576 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.4.0 An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | 8.8 |
| 2017-11-17 | CVE-2017-1000129 | SQL Injection vulnerability in S9Y Serendipity 2.0.3 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 7.5 |
| 2017-04-24 | CVE-2017-8101 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | 8.8 |
| 2017-01-28 | CVE-2017-5609 | SQL Injection vulnerability in S9Y Serendipity 2.0.5 SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. | 8.8 |
| 2017-01-14 | CVE-2017-5476 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 8.8 |
| 2017-01-14 | CVE-2017-5475 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 8.8 |
| 2016-12-01 | CVE-2016-9752 | Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 8.6 |