SECURITY UPDATE: Serendipity 1.7.8 Update

Last modified: March 30, 2020


The vulnerability in Serendipity was found by the High-Tech Bridge SA Security Research Lab. It can be used to perform SQL injection attacks.

1) SQL injection in Serendipity

1.1 Input passed to comment.php via the “url” GET parameter is not sanitized properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The following PoC (Proof of Concept) demonstrates the vulnerability:



Successful exploitation of this vulnerability requires “magic_quotes_gpc” to be off. Note that magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, so on any later PHP version the setting no longer exists and this precondition is always met.
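As an added illustration (not the page's or Serendipity's code, and not the advisory's PoC), the following Python script shows the pattern the advisory describes: a request parameter concatenated into a SQL query, how magic_quotes_gpc-style escaping (approximated here by add_slashes) defeats the classic quote-based payload, why that setting is still not a fix, and the bound-parameter form that is. SQLite stands in for the blog database; the comments table, its columns, the queries and the payloads are all hypothetical and constructed for this example.

```python
# Added, constructed illustration of the bug class in the advisory above. This is
# NOT Serendipity code and NOT the advisory's PoC; table, columns, query shapes
# and payloads are hypothetical. SQLite stands in for the blog's database.
import sqlite3

# Constructed sample data: (id, author, url).
SAMPLE_ROWS = [
    (1, "alice", "http://alice.example"),
    (2, "bob", "http://bob.example"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, url TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def add_slashes(value):
    """Approximation of what PHP's magic_quotes_gpc did to every GET/POST/COOKIE
    value: backslash-escape single quote, double quote, backslash and NUL."""
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\x00": "\\0"}
    return "".join(table.get(ch, ch) for ch in value)


def run(conn, sql):
    """Execute a query; return sorted author names, or None if the SQL failed to parse."""
    try:
        return sorted(row[0] for row in conn.execute(sql))
    except sqlite3.Error:
        return None


def authors_by_url_vulnerable(conn, url):
    """Vulnerable pattern: the request parameter is concatenated into the query string."""
    return run(conn, "SELECT author FROM comments WHERE url = '" + url + "'")


def author_by_id_vulnerable(conn, comment_id):
    """Vulnerable pattern in a numeric context: no quotes surround the parameter."""
    return run(conn, "SELECT author FROM comments WHERE id = " + comment_id)


def authors_by_url_safe(conn, url):
    """Hardened pattern: a bound parameter is only ever compared as data."""
    rows = conn.execute("SELECT author FROM comments WHERE url = ?", (url,))
    return sorted(row[0] for row in rows)


def demo():
    conn = make_db()
    results = {}
    # 1. magic_quotes_gpc off: the quote closes the literal and OR '1'='1' matches every row.
    results["string_injected"] = authors_by_url_vulnerable(conn, "' OR '1'='1")
    # 2. magic_quotes_gpc on: the quotes arrive backslash-escaped. In MySQL they become
    #    literal characters inside the string and nothing matches; SQLite does not treat
    #    backslash as an escape, so here the query fails to parse instead. Either way the
    #    payload no longer alters the query's structure, which is the advisory's precondition.
    results["string_with_magic_quotes"] = authors_by_url_vulnerable(conn, add_slashes("' OR '1'='1"))
    # 3. magic_quotes is not a fix: a numeric context needs no quotes, so add_slashes
    #    leaves the payload untouched and it still dumps every row.
    results["numeric_with_magic_quotes"] = author_by_id_vulnerable(conn, add_slashes("0 OR 1=1"))
    # 4. Bound parameter: the payload is just a URL that matches nothing.
    results["bound_parameter"] = authors_by_url_safe(conn, "' OR '1'='1")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The third case is the one to remember when reading the precondition in the advisory: magic_quotes_gpc only interferes with payloads that need a quote character, so its being on never made string concatenation into SQL safe; only parameter binding (or the database driver's own escaping applied to every value) does.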

Upgrade to Serendipity 1.7.8

Download the latest release.

More Information:

Serendipity 1.6.2 released
GitHub about Serendipity


Vulnerability Description:
>>  The Serendipity back end is prone to a Cross-Site Scripting and SQL-Injection vulnerability.

>>  Upgrade to version 1.7.8. To upgrade these scripts, go to your Control Panel -> Softaculous -> Installations. You can then update the scripts.

Credits:

>>  Vulnerabilities found and advisory written by Stefan Schurtz (KORAMIS Security Team).




Copyright © 2010 – 2021 Casbay Sdn. Bhd. (1042688-D). All Rights Reserved.