Vulnerabilities > S9Y > Serendipity > 1.5.4

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2012-08-13 | CVE-2012-2332 | SQL Injection vulnerability in S9Y Serendipity | SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. | network, low complexity, s9y, CWE-89 | 7.5 |
| 2012-08-13 | CVE-2012-2331 | Cross-Site Scripting vulnerability in S9Y Serendipity | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. | network, s9y, CWE-79 | 4.3 |
| 2012-06-07 | CVE-2012-2762 | SQL Injection vulnerability in S9Y Serendipity | SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | network, low complexity, s9y, CWE-89 | 7.5 |