Description

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).

Remediation

References

CVE-2012-2332

Related Vulnerabilities

WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2)

Oracle JRE CVE-2017-10281 Vulnerability (CVE-2017-10281)

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993)

WordPress Plugin GeoDirectory-WordPress Business Directory and Classified Ads Listings Cross-Site Scripting (1.4.4)

WordPress Plugin WP Dark Mode-Best Dark Mode & Social Sharing for WordPress Cross-Site Scripting (3.0.6)

Severity

High

Classification

CVE-2012-2332 CWE-138

Tags

Missing Update Known Vulnerabilities