Skip to main content

Serendipity CVE-2017-8101

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-04-24 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 24, 2017 - 18:59 cve.org
HIGH 8.8

DescriptionCVE.org

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

AnalysisAI

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Affected products include: S9Y Serendipity.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-31576 HIGH POC
8.8 May 16

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted

CVE-2012-2332 HIGH POC
7.5 Aug 13

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to

CVE-2012-2331 MEDIUM POC
4.3 Aug 13

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1

CVE-2015-6968 MEDIUM POC
6.5 Sep 16

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.p

CVE-2016-10082 CRITICAL
9.8 Dec 30

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Exe

CVE-2015-6943 MEDIUM POC
6.0 Sep 15

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Seren

CVE-2020-10964 CRITICAL
9.8 Mar 25

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed

CVE-2016-9681 MEDIUM POC
5.4 Dec 25

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inje

CVE-2015-8603 MEDIUM POC
5.4 Jan 12

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web scr

CVE-2017-8102 MEDIUM POC
5.4 Apr 24

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a ne

CVE-2017-5609 HIGH
8.8 Jan 28

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users

CVE-2017-5476 HIGH
8.8 Jan 14

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. Rated high severity (

Share

CVE-2017-8101 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy