PT-2009-5644 · Serendipity · Serendipity Event Freetag

Niels Provos

Published

2009-09-24

Updated

2020-06-23

CVE-2009-3337

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Serendipity (S9Y) plugin serendipity event freetag versions prior to 3.09

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

Recommendations For versions prior to 3.09, update to version 3.09 or later to resolve the issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-3337

Affected Products

Serendipity Event Freetag

PT-2009-5644 · Serendipity · Serendipity Event Freetag

CVE-2009-3337

Weakness Enumeration

Related Identifiers

Affected Products

References · 4