CVE-2004-2158

Name of the Vulnerable Software and Affected Versions Serendipity version 0.7-beta1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the entry id parameter to (1) "exit.php" or (2) "comment.php" API endpoints.

Recommendations For Serendipity version 0.7-beta1, as a temporary workaround, consider restricting access to the "exit.php" and "comment.php" endpoints until a patch is available. Avoid using the entry id parameter in these affected API endpoints until the issue is resolved.