CVE

Id
55575  
CVE No.
CVE-2012-2332  
Status
Candidate  
Description
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).  
Phase
Assigned (20120419)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
579831 55575 CVE-2012-2332 BUGTRAQ:20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability  View
579832 55575 CVE-2012-2332 URL:http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html  View
579833 55575 CVE-2012-2332 MLIST:[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1  View
579834 55575 CVE-2012-2332 URL:http://www.openwall.com/lists/oss-security/2012/05/08/6  View
579835 55575 CVE-2012-2332 MLIST:[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1  View
579836 55575 CVE-2012-2332 URL:http://www.openwall.com/lists/oss-security/2012/05/09/2  View
579837 55575 CVE-2012-2332 MISC:http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt  View
579838 55575 CVE-2012-2332 MISC:http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html  View
579839 55575 CVE-2012-2332 CONFIRM:http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html  View
579840 55575 CVE-2012-2332 BID:53418  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
26754 JVNDB-2012-002461 sudo におけるコマンドの制限を回避される脆弱性 sudo はネットマスクの構文 (netmask syntax) を使用した設定を適切にサポートしないため、コマンドの制限を回避される脆弱性が存在します。 CVE-2012-2337 55575 7.2 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002461.html  View