SECURITY UPDATE: Serendipity 1.7.8 Update

Last modified: March 30, 2020
You are here:
Estimated reading time: 1 min

ISSUE:

The Serendipity vulnerability was found by High-Tech Bridge SA Security Research Lab. Which can be used to perform SQL injection attacks.

1) SQL injection in Serendipity

First, 1.1 Input passed to comment.php via the “url” GET parameter is not sanitized properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The following PoC (Proof of Concept) demonstrates the vulnerability:

http://[host]/comment.php?

type=trackback&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20–%202

Then, successful exploitation of this vulnerability needs that “magic_quotes_gpc” to be off.

Solution:
Upgrade to Serendipity 1.7.8

Download latest 

More Information:

Serendipity 1.6.2 released
GitHub about Serendipity

**********************************************************************

Vulnerability Description:
>>  The Serendipity back end is prone to a Cross-Site Scripting and SQL-Injection vulnerability.

Solution:
>>  Upgrade to version 1.7.8 . To upgrade these scripts go to your Control Panel -> Softaculous -> Installations.

You can then update the scripts. Credits:

Credits:
>>  Vulnerabilities found and advisory written by Stefan Schurtz (KORAMIS Security Team).

Reference:

Serendipity

Was this article helpful?
Dislike 0
Views: 20