SQL Injection Vulnerability in Freetag Plugin for Serendipity by Serendipity CMS
CVE-2009-3337

Currently unrated

Key Information:

Vendor: S9y
Status: Serendipity Event Freetag
Vendor: CVE Published:; 24 September 2009

What is CVE-2009-3337?

The Freetag plugin for Serendipity CMS contains an SQL injection vulnerability that allows remote attackers to send crafted input via an undefined parameter linked to the meta keywords within blog entries. By exploiting this weakness, adversaries can execute arbitrary SQL commands on the underlying database, potentially compromising the integrity and confidentiality of the site’s data. Users are encouraged to update their Freetag plugin to version 3.09 or later to mitigate this security issue.

References

http://blog.s9y.org/archives/210-Security-update-for-Free...

x_refsource_CONFIRM

http://secunia.com/advisories/36706

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/36376

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 24, 2009

JSON

S9y

What is CVE-2009-3337?

References

Timeline