oss-sec mailing list archives

CVE request: XSS and SQL injection in serendipity before 1.7.1


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 8 May 2012 12:03:59 +0200

http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html

"This release mainly addresses two security issues found by Stefan
Schurtz (thanks a lot, again!). One is a XSS issue in the media
database panel, the other an SQL injection in the media database
section. Both issues can only be exploited if you are logged in to your
blog and you click a specially crafted link. The SQL injection cannot
be used to extract sensitive information from the database or delete
data."

The webpage of the vulnerability researcher is
http://www.rul3z.de/

However, there seems to be no information yet about those vulns,
probably they'll appear there soon.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
