ISSUE:
High-Tech Bridge SA Security Research Lab found a vulnerability in Serendipity that can be used to perform SQL injection attacks.
1) SQL injection in Serendipity
1.1 Input passed to comment.php via the “url” GET parameter is not sanitized properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/comment.php?type=trackback&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20--%202
Successful exploitation of this vulnerability requires “magic_quotes_gpc” to be off.
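For defenders reviewing web server logs, the following added example (not part of the original advisory or of Serendipity's code) flags comment.php requests whose decoded “url” parameter is not a well-formed http(s) URL or contains SQL metacharacters. The log lines, client addresses and the combined-log layout are constructed assumptions; the metacharacter pattern is a heuristic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines; client addresses and the blog host are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /comment.php?type=trackback'
    '&entry_id=1&url=http%3A%2F%2Fblog.example%2Fpost%2F42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /comment.php?type=trackback'
    '&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20--%202 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?url=%27 HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic only: quote characters and SQL comment openers in the decoded value.
SQL_META_RE = re.compile(r"""['"]|--\s|/\*""")


def check_url_param(value):
    """Return the reasons a decoded trackback "url" value looks wrong."""
    reasons = []
    try:
        parsed = urlsplit(value)
        well_formed = parsed.scheme in ("http", "https") and bool(parsed.netloc)
    except ValueError:  # e.g. a malformed IPv6 literal in the value
        well_formed = False
    if not well_formed:
        reasons.append("not an http(s) URL")
    if SQL_META_RE.search(value):
        reasons.append("SQL metacharacters")
    return reasons


def scan(lines):
    """Return (client, decoded url value, reasons) for suspicious comment.php hits."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/comment.php"):
            continue
        # parse_qs percent-decodes, so encoded payloads are inspected in clear.
        for value in parse_qs(target.query, keep_blank_values=True).get("url", []):
            reasons = check_url_param(value)
            if reasons:
                findings.append((line.split()[0], value, reasons))
    return findings
```

Calling `scan(SAMPLE_LOG)` reports only the second constructed line; the legitimate trackback and the request to a different script are ignored.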
Solution:
Upgrade to Serendipity 1.7.8
More Information:
Serendipity 1.6.2 released
GitHub about Serendipity
**********************************************************************
Vulnerability Description:
>> The Serendipity back end is prone to a Cross-Site Scripting and SQL-Injection vulnerability.
Solution:
>> Upgrade to version 1.7.8. To upgrade these scripts go to your Control Panel -> Softaculous -> Installations.
You can then update the scripts.
Credits:
>> Vulnerabilities found and advisory written by Stefan Schurtz (KORAMIS Security Team).
Reference: