Description

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.

Remediation

References

CVE-2015-6943

Related Vulnerabilities

Mailman Other Vulnerability (CVE-2005-0080)

WordPress Plugin WordPress Leads Cross-Site Scripting (1.6.2)

WordPress Plugin Responsive Poll Cross-Site Scripting (1.5.8)

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13592)

Severity

Medium

Classification

CVE-2015-6943 CWE-138

Tags

Missing Update Known Vulnerabilities