Serendipity Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2015-6943 - Vulnerability Database

Medium
Reference: CVE-2015-6943
Title: Serendipity Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.