Description
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Remediation
References
Related Vulnerabilities
PHP Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2004-0594)
WordPress Plugin Scribble Maps Cross-Site Scripting (1.2)
WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-39162)