oss-sec mailing list archives
CVE request: XSS and SQL injection in serendipity before 1.7.1
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 8 May 2012 12:03:59 +0200
http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html

"This release mainly addresses two security issues found by Stefan Schurtz (thanks a lot, again!). One is a XSS issue in the media database panel, the other an SQL injection in the media database section. Both issues can only be exploited if you are logged in to your blog and you click a specially crafted link. The SQL injection cannot be used to extract sensitive information from the database or delete data."

The webpage of the vulnerability researcher is http://www.rul3z.de/
However, there seems to be no information yet about those vulns, probably they'll appear there soon.

--
Hanno Böck
mail/jabber: hanno () hboeck de
GPG: BBB51E42
http://www.hboeck.de/