SQL Injection Vulnerability in Serendipity by Serendipity Team
CVE-2015-6943

Currently unrated

Key Information:

Vendor

S9y

CVE Published:
15 September 2015

What is CVE-2015-6943?

The vulnerability is a SQL injection in Serendipity's comment moderation feature: it lets remote administrators execute arbitrary SQL commands through the 'serendipity_checkCommentToken' function. The issue arises only when the 'Use Tokens for Comment Moderation' setting is enabled. An attacker exploits the flaw via the 'serendipity[id]' parameter sent to 'serendipity_admin.php', which gives unauthorized access to database operations.
