Skip to main content

Serendipity CVE-2016-9752

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2016-12-01 cve@mitre.org
8.6
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 01, 2016 - 11:59 cve.org
HIGH 8.6

DescriptionCVE.org

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

AnalysisAI

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. Affected products include: S9Y Serendipity. Version information: before 2.0.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2023-31576 HIGH POC
8.8 May 16

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted

CVE-2012-2332 HIGH POC
7.5 Aug 13

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to

CVE-2012-2331 MEDIUM POC
4.3 Aug 13

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1

CVE-2015-6968 MEDIUM POC
6.5 Sep 16

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.p

CVE-2016-10082 CRITICAL
9.8 Dec 30

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Exe

CVE-2015-6943 MEDIUM POC
6.0 Sep 15

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Seren

CVE-2020-10964 CRITICAL
9.8 Mar 25

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed

CVE-2016-9681 MEDIUM POC
5.4 Dec 25

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inje

CVE-2015-8603 MEDIUM POC
5.4 Jan 12

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web scr

CVE-2017-8102 MEDIUM POC
5.4 Apr 24

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a ne

CVE-2017-5609 HIGH
8.8 Jan 28

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users

CVE-2017-5476 HIGH
8.8 Jan 14

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. Rated high severity (

Share

CVE-2016-9752 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy