SQL Injection Vulnerability in Serendipity by Serendipity Team
CVE-2015-6943

Currently unrated

Key Information:

Vendor

S9y

Status
Serendipity
Vendor
CVE Published:
15 September 2015

What is CVE-2015-6943?

The vulnerability in Serendipity's comment moderation feature permits remote administrators to leverage the 'serendipity_checkCommentToken' function to execute arbitrary SQL commands. This issue arises when the 'Use Tokens for Comment Moderation' setting is activated. An attacker can exploit this flaw via the 'serendipity[id]' parameter directed at 'serendipity_admin.php', enabling unauthorized access to database operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2015/Sep/10
mailing-listx_refsource_FULLDISC
http://www.securitytracker.com/id/1033558
vdb-entryx_refsource_SECTRACK
http://packetstormsecurity.com/files/133428/Serendipity-2...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.