BID:53620

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

Info

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

Bugtraq ID:	53620
Class:	Input Validation Error
CVE:	CVE-2012-2762
Remote:	Yes
Local:	No
Published:	May 16 2012 12:00AM
Updated:	Jun 07 2012 02:00PM
Credit:	High-Tech Bridge SA
Vulnerable:	Serendipity Serendipity 1.6.1 Serendipity Serendipity 1.5.5 Serendipity Serendipity 1.6

Not Vulnerable:	Serendipity Serendipity 1.6.2

Discussion

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

Serendipity is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Serendipity 1.6.1 is vulnerable; other versions may also be affected.

Exploit / POC

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

An attacker can exploit the issue using a browser.

Solution / Fix

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

Solution:
Updates are available; please see the references for details.

References

Serendipity 'functions_trackbacks.inc.php' SQL Injection Vulnerability

References:

Fix SQL injection for comment.php used in read-context (Serendipity)
Serendipity 1.6.2 released (Serendipity)
Serendipity Homepage (S9Y)
SQL injection in Serendipity (High-Tech Bridge)