Description
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Remediation
References