SQL Injection in S9y Serendipity

CVE-2015-6943

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbit…

Vulnerability class: SQL Injection

EPSS: 0.003 (48.8th percentile) — read the EPSS interpretation.

Affected products

S9y Serendipity
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

20150902 Serendipity 2.0.1 - Blind SQL Injection (mailing-list, Exploit, x_refsource_FULLDISC)
1033558 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Patch)