KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory ID: KORAMIS-ADV2012-001
Contact: security@koramis.de
Author: Stefan Schurtz
Affected Software: Successfully tested on Serendipity 1.6
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-2331, CVE-2012-2332
EDB-ID: 18884
==========================
Vulnerability Description
==========================
The Serendipity backend is prone to Cross-Site Scripting and SQL-Injection vulnerabilities.