CVE-2006-2495

Severity

75%

Complexity

99%

Confidentiality

106%

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

S9Y Serendipity

First reported 18 years ago

2006-05-20 03:02:00

Last updated 13 years ago

2011-03-08 02:36:00

Affected Software

S9Y Serendipity 0.3

0.3

S9Y Serendipity 0.4

0.4

S9Y Serendipity 0.7

0.7

S9Y Serendipity 0.7.1

0.7.1

S9Y Serendipity 0.8

0.8

S9Y Serendipity 0.8.1

0.8.1

S9Y Serendipity 0.8.2

0.8.2

S9Y Serendipity 0.8.3

0.8.3

S9Y Serendipity 0.8.4

0.8.4

S9Y Serendipity 0.8.5

0.8.5

S9Y Serendipity 0.9

0.9

S9Y Serendipity 0.9.1

0.9.1

References

20155

Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065

Patch

ADV-2006-1855

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.