Vulnerabilities > S9Y > Serendipity > 2.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-25 | CVE-2020-10964 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. | 7.5 |
2020-01-22 | CVE-2011-3610 | Cross-site Scripting vulnerability in S9Y Serendipity Event Freetag A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. | 4.3 |
2019-05-24 | CVE-2016-10752 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.0.3 serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | 7.5 |
2019-05-09 | CVE-2019-11870 | Cross-site Scripting vulnerability in S9Y Serendipity Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | 4.3 |
2017-11-17 | CVE-2017-1000129 | SQL Injection vulnerability in S9Y Serendipity 2.0.3 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 5.0 |
2017-01-14 | CVE-2017-5476 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 6.8 |
2017-01-14 | CVE-2017-5475 | Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 6.8 |
2017-01-14 | CVE-2017-5474 | Open Redirect vulnerability in S9Y Serendipity Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | 5.8 |
2016-12-30 | CVE-2016-10082 | Improper Access Control vulnerability in S9Y Serendipity include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. | 7.5 |
2016-12-25 | CVE-2016-9681 | Cross-site Scripting vulnerability in S9Y Serendipity Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. | 3.5 |