CVE-2012-2332

Name: CVE-2012-2332
Description: SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 671937

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
serendipity  source  (unstable)  (unfixed)      low              671937

Notes

[squeeze] - serendipity <no-dsa> (Minor issue)
http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
CVE id requested http://seclists.org/oss-sec/2012/q2/276
