CVE Request: CSRF in Serendipity allows attacker to install any themes

Posted by Wester 95 on Apr 11

Hi team,

I would like to request one CVE id, thank you!

Details

======

Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/

=======

Description

================

GET-type CSRF in Serendipity allows an attacker to install any themes; no token here.

POC:

========

Include this in the page, then the attack will occur:

<img
src=”…
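
The missing check the report describes, as an added example that is not part of the original post and not Serendipity's own code: a state-changing admin action refuses GET and requires a per-session token. The function names, the `token` field and the `theme` parameter are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: csrf_token(), theme_install_allowed() and the
// 'token' / 'theme' fields are illustrative, not Serendipity's own API.

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a state-changing admin request may proceed.
 * GET is refused outright, so an embedded <img> or link cannot trigger it;
 * POST must echo the session token, which another origin cannot read.
 */
function theme_install_allowed(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['token'] ?? '';
    if (!is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_token($session);

$cases = [
    'GET from an embedded image, no token' => ['GET',  []],
    'POST without token'                   => ['POST', ['theme' => 'example']],
    'POST with wrong token'                => ['POST', ['theme' => 'example', 'token' => str_repeat('0', 64)]],
    'POST with session token'              => ['POST', ['theme' => 'example', 'token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-40s %s\n", $label, theme_install_allowed($method, $post, $session) ? 'allowed' : 'rejected');
}
```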
