CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:s9y:serendipity:2.0.4:*:*:*:*:*:*:*
Informations
Vendor
s9yProduct
serendipityVersion
2.0.4Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | 9.8 |
Critique |
||
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | 6.1 |
Moyen |
||
| Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | 5.4 |
Moyen |
||
| Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | 6.1 |
Moyen |
||
| comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 8.8 |
Haute |
||
| Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 8.8 |
Haute |
||
| include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. | 9.8 |
Critique |
||
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. | 5.4 |
Moyen |
||
| In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 8.6 |
Haute |
2025©
tesweb SA
