MidnightBSD

Advisories for s9y

CVE-2004-1620 MEDIUM

CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.6
s9y serendipity 0.5_pl1
s9y serendipity 0.7_beta4
s9y serendipity 0.3
s9y serendipity 0.6_pl3
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.7_beta2
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
CVE-2004-2157 MEDIUM

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.7_beta1
CVE-2004-2158 HIGH

SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.7_beta1
CVE-2004-2525 MEDIUM

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.6
s9y serendipity 0.5_pl1
s9y serendipity 0.7_beta4
s9y serendipity 0.3
s9y serendipity 0.6_pl3
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7_rc1
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.7
s9y serendipity 0.7_beta2
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
CVE-2005-1134 HIGH

SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.6
s9y serendipity 0.5_pl1
s9y serendipity 0.7_beta4
s9y serendipity 0.3
s9y serendipity 0.6_pl3
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta6
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.7
s9y serendipity 0.7_beta2
s9y serendipity 0.6_pl1
s9y serendipity 0.8_beta5
s9y serendipity 0.6_pl2
CVE-2005-1448 MEDIUM

Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.7_beta3
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta6
s9y serendipity 0.7
s9y serendipity 0.7_beta2
s9y serendipity 0.7.1
s9y serendipity 0.7_beta4
s9y serendipity 0.8_beta5
s9y serendipity 0.7_beta1
CVE-2005-1449 HIGH

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.5_pl1
s9y serendipity 0.7_beta4
s9y serendipity 0.3
s9y serendipity 0.6_pl3
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta3
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta6
s9y serendipity 0.4
s9y serendipity 0.7
s9y serendipity 0.7_beta2
s9y serendipity 0.7.1
s9y serendipity 0.8_beta5
CVE-2005-1450 HIGH

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.4
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.5_pl1
s9y serendipity 0.3
s9y serendipity 0.6_pl3
CVE-2005-1451 HIGH

The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.8_beta_5
s9y serendipity 0.5_pl1
s9y serendipity 0.7_beta4
s9y serendipity 0.3
s9y serendipity 0.6_pl3
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta3
s9y serendipity 0.8_beta_6
s9y serendipity 0.7_rc1
s9y serendipity 0.4
s9y serendipity 0.7
s9y serendipity 0.7_beta2
s9y serendipity 0.7.1
CVE-2005-1452 HIGH

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.4
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.5_pl1
s9y serendipity 0.3
s9y serendipity 0.6_pl3
CVE-2005-1713 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.8
CVE-2005-3129 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2006-1910 HIGH

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 1.0_beta2
CVE-2006-2495 HIGH

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 0.6
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 0.5_pl1
s9y serendipity 0.3
s9y serendipity 0.8
s9y serendipity 0.8.2
s9y serendipity 0.6_pl3
s9y serendipity 0.8.4
s9y serendipity 1.0_beta2
s9y serendipity 1.0_beta1
s9y serendipity 0.4
s9y serendipity 0.8.5
s9y serendipity 0.5
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 0.7.1
CVE-2010-1916 HIGH

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 1.2.1
s9y serendipity 0.6
s9y serendipity 1.1.1
s9y serendipity 1.1.4
s9y serendipity 1.1.2
s9y serendipity 1.4.1
s9y serendipity 0.8
xinha wysiwyg_editor 0.93
s9y serendipity 1.0.1
s9y serendipity 0.4
s9y serendipity 1.3.1
s9y serendipity 0.5
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 1.5.1
s9y serendipity 1.0.3
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 1.0.2
xinha wysiwyg_editor 0.95
xinha wysiwyg_editor 0.96
s9y serendipity 1.0
s9y serendipity 0.3
xinha wysiwyg_editor 0.92
s9y serendipity 0.8.2
xinha wysiwyg_editor 0.94
s9y serendipity 1.0.4
s9y serendipity 1.5
s9y serendipity 0.8.4
xinha wysiwyg_editor 0.9
s9y serendipity 1.5.2
s9y serendipity 1.1
s9y serendipity 0.8.5
s9y serendipity 1.1.3
s9y serendipity 1.4
s9y serendipity 1.3
s9y serendipity 0.7.1
s9y serendipity 1.2
xinha wysiwyg_editor 0.91
CVE-2010-2957 LOW

Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 1.2.1
s9y serendipity 0.6
s9y serendipity 1.1.1
s9y serendipity 1.1.4
s9y serendipity 1.1.2
s9y serendipity 1.4.1
s9y serendipity 0.8
s9y serendipity 1.0.1
s9y serendipity 0.4
s9y serendipity 1.3.1
s9y serendipity 0.5
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 1.5.1
s9y serendipity 1.0.3
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 1.0.2
s9y serendipity 1.0
s9y serendipity 0.3
s9y serendipity 0.8.2
s9y serendipity 1.0.4
s9y serendipity 1.5
s9y serendipity 0.8.4
s9y serendipity 1.5.2
s9y serendipity 1.1
s9y serendipity 0.8.5
s9y serendipity 1.1.3
s9y serendipity 1.4
s9y serendipity 1.3
s9y serendipity 0.7.1
s9y serendipity 1.2
s9y serendipity *
CVE-2011-3800 MEDIUM

Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
s9y serendipity 1.5.5
CVE-2012-2762 HIGH

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 1.2.1
s9y serendipity 1.1.1
s9y serendipity 1.1.4
s9y serendipity 1.1.2
s9y serendipity 1.4.1
s9y serendipity 0.8
s9y serendipity 1.0.1
s9y serendipity 0.4
s9y serendipity 1.3.1
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 1.5.1
s9y serendipity 1.5.3
s9y serendipity 1.0.3
s9y serendipity 1.5.5
s9y serendipity 1.6
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 1.0.2
s9y serendipity 1.5.4
s9y serendipity 1.0
s9y serendipity 0.3
s9y serendipity 0.8.2
s9y serendipity 1.0.4
s9y serendipity 0.8.4
s9y serendipity 1.5.2
s9y serendipity 1.1
s9y serendipity 0.8.5
s9y serendipity 1.1.3
s9y serendipity 1.4
s9y serendipity 1.3
s9y serendipity 0.7.1
s9y serendipity 1.2
s9y serendipity *
CVE-2013-5314 MEDIUM

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 1.2.1
s9y serendipity 1.1.1
s9y serendipity 1.1.4
s9y serendipity 1.1.2
s9y serendipity 1.4.1
s9y serendipity 0.8
s9y serendipity 1.0.1
s9y serendipity 0.4
s9y serendipity 1.3.1
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 1.5.1
s9y serendipity 1.5.3
s9y serendipity 1.0.3
s9y serendipity 1.5.5
s9y serendipity 1.6
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 1.0.2
s9y serendipity 1.5.4
s9y serendipity 1.0
s9y serendipity 0.3
s9y serendipity 1.6.1
s9y serendipity 0.8.2
s9y serendipity 1.0.4
s9y serendipity 0.8.4
s9y serendipity 1.5.2
s9y serendipity 1.1
s9y serendipity 0.8.5
s9y serendipity 1.1.3
s9y serendipity 1.4
s9y serendipity 1.3
s9y serendipity 0.7.1
s9y serendipity 1.2
s9y serendipity *
CVE-2013-5670 MEDIUM

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity 0.9
s9y serendipity 1.2.1
s9y serendipity 1.1.1
s9y serendipity 1.1.4
s9y serendipity 1.1.2
s9y serendipity 1.4.1
s9y serendipity 0.8
s9y serendipity 1.0.1
s9y serendipity 1.6.2
s9y serendipity 1.7
s9y serendipity 0.4
s9y serendipity 1.3.1
s9y serendipity 0.7
s9y serendipity 0.9.1
s9y serendipity 1.5.1
s9y serendipity 1.5.3
s9y serendipity 1.0.3
s9y serendipity 1.5.5
s9y serendipity 1.6
s9y serendipity 0.8.3
s9y serendipity 0.8.1
s9y serendipity 1.0.2
s9y serendipity 1.5.4
s9y serendipity 1.0
s9y serendipity 0.3
s9y serendipity 1.6.1
s9y serendipity 0.8.2
s9y serendipity 1.0.4
s9y serendipity 0.8.4
s9y serendipity 1.5.2
s9y serendipity 1.1
s9y serendipity 0.8.5
s9y serendipity 1.1.3
s9y serendipity 1.4
s9y serendipity 1.3
s9y serendipity 0.7.1
s9y serendipity 1.2
s9y serendipity *
CVE-2014-9432 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2015-2289 LOW

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2015-6943 MEDIUM

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2015-6968 MEDIUM

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2015-6969 MEDIUM

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2015-8603 LOW

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2016-10082 HIGH

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2016-10737 LOW

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity 2.0.4
CVE-2016-10752 HIGH

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
s9y serendipity 2.0.3
CVE-2016-9681 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2016-9752 MEDIUM

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2017-1000129 MEDIUM

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s9y serendipity 2.0.3
CVE-2017-5474 MEDIUM

Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2017-5475 MEDIUM

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2017-5476 MEDIUM

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2017-5609 MEDIUM

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s9y serendipity 2.0.5
CVE-2017-8101 MEDIUM

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s9y serendipity 2.0.5
CVE-2017-8102 LOW

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity 2.1
CVE-2019-11870 MEDIUM

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2020-10964 HIGH

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
s9y serendipity *
CVE-2023-31576

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.

Products Affected

Vendor Product Version
s9y serendipity 2.4.0
CVE-2023-53932

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
s9y serendipity 2.4.0
CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
s9y serendipity 2.4.0
CVE-2024-58282

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.

Products Affected

Vendor Product Version
s9y serendipity 2.5.0