Vulnerabilities > S9Y > High

DATE CVE VULNERABILITY TITLE RISK
2006-04-20 CVE-2006-1910 Unspecified vulnerability in S9Y Serendipity 1.0Beta2
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.
network
low complexity
s9y
7.5
7.5
2005-05-03 CVE-2005-1451 Remote Security vulnerability in Serendipity
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
network
low complexity
s9y
7.5
7.5
2005-05-03 CVE-2005-1450 Remote Security vulnerability in Serendipity
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
network
low complexity
s9y
7.5
7.5
2005-04-13 CVE-2005-1134 SQL injection vulnerability in S9Y Serendipity Exit.PHP
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
network
low complexity
s9y
7.5
7.5
2004-12-31 CVE-2004-2158 Input Validation vulnerability in S9Y Serendipity 0.7Beta1
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
network
low complexity
s9y
7.5
7.5