Vulnerabilities > S9Y > Serendipity > 1.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-13 | CVE-2012-2332 | SQL Injection vulnerability in S9Y Serendipity SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. | 7.5 |
2012-08-13 | CVE-2012-2331 | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. | 4.3 |
2012-06-07 | CVE-2012-2762 | SQL Injection vulnerability in S9Y Serendipity SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | 7.5 |
2010-09-10 | CVE-2010-2957 | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |