Serendipity Server-Side Request Forgery (SSRF) Vulnerability - CVE-2016-9752

In Serendipity before 2.0.5 an attacker can bypass SSRF protection by using a malformed IP address (e.g. http://127.1) or a 30x (aka Redirection) HTTP status code.