Posted by Wester 95 on Apr 11
Hi team,
I would like to request one CVE ID, thank you!
Details
======
Software: s9y Serendipity
Version: <2.0.5
Homepage: https://docs.s9y.org/
=======
Description
================
A GET-type CSRF in Serendipity allows an attacker to install any theme; there is no token here.
POC:
========
Include this in the page, then the attack will occur:
<img
src=”…