Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5476)

Description

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

Remediation

References

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350)

WordPress Plugin YARPP-Yet Another Related Posts Multiple Vulnerabilities (4.2.4)

WildFly Application Server Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2016-4993)

PHP Other Vulnerability (CVE-2006-1014)

Severity

High

Classification

CVE-2017-5476 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities