CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10082

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile26.82th
PublishedDec 30, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

Affected Platforms (CPE)

πŸ“¦
S9y

Serendipity

<= 2.0.5

References & Advisories

πŸ”— http://www.securityfocus.com/bid/95165
πŸ”— https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85
πŸ”— https://github.com/s9y/Serendipity/issues/433
πŸ”— http://www.securityfocus.com/bid/95165
πŸ”— https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85
πŸ”— https://github.com/s9y/Serendipity/issues/433

Related Vulnerabilities

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2020-109649.8

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e...

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...