
KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability

Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory ID: KORAMIS-ADV2012-001
Contact: security@koramis.de
Author: Stefan Schurtz
Affected Software: Successfully tested on Serendipity 1.6
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-2331, CVE-2012-2332
EDB-ID: 18884
 
==========================
Vulnerability Description
==========================
 
The Serendipity backend is prone to Cross-Site Scripting and SQL-Injection vulnerabilities.
 