ByteOS Network

NVD Vulnerability Details :

CVE-2015-6943

Deferred

Source-cve@mitre.org

Published At-15 Sep, 2015 | 18:59

Updated At-12 Apr, 2025 | 10:46

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P

CPE Matches

s9y>>serendipity>>Versions up to 2.0.1(inclusive)

cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html	cve@mitre.org	Exploit
http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html	cve@mitre.org	Patch
http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html	cve@mitre.org	Exploit
http://seclists.org/fulldisclosure/2015/Sep/10	cve@mitre.org	Exploit
http://www.securitytracker.com/id/1033558	cve@mitre.org	N/A
http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html	af854a3a-2127-422b-91ae-364da2661108	Patch
http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://seclists.org/fulldisclosure/2015/Sep/10	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securitytracker.com/id/1033558	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History