Description
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
Product(s):
- S9Y Serendipity 0.3
- S9Y Serendipity 0.4
- S9y Serendipity 0.5
- S9y Serendipity 0.5_pl1
- S9y Serendipity 0.6
- S9y Serendipity 0.6_pl1
- S9y Serendipity 0.6_pl2
- S9y Serendipity 0.6_pl3
- S9y Serendipity 0.6_rc1
- S9y Serendipity 0.6_rc2
- S9Y Serendipity 0.7
- S9Y Serendipity 0.7 Beta 1
- S9Y Serendipity 0.7 Beta 2
- S9Y Serendipity 0.7 Beta 3
- S9Y Serendipity 0.7 Beta 4
- S9Y Serendipity 0.7 RC1
- S9y Serendipity 0.8 Beta 5
- S9y Serendipity 0.8 Beta 6
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1134, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1134 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.