PT-2004-3053 · Serendipity · Serendipity
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-2158
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Serendipity version 0.7-beta1
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
entry id parameter to (1) "exit.php" or (2) "comment.php" API endpoints.Recommendations
For Serendipity version 0.7-beta1, as a temporary workaround, consider restricting access to the "exit.php" and "comment.php" endpoints until a patch is available. Avoid using the
entry id parameter in these affected API endpoints until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Serendipity