← Back

CVE-2006-2495

nvd nist
Published: May 20, 2006Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

Affected (18)

Products: S9y: Serendipity
S9y
1 product
Serendipity
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
S9y
Serendipity
Version 0.3
Serendipity
Version 0.4
Serendipity
Version 0.5
Serendipity
Version 0.5_pl1
Serendipity
Version 0.6
Serendipity
Version 0.6_pl3
Serendipity
Version 0.7.1
Serendipity
Version 0.7
Serendipity
Version 0.8.1
Serendipity
Version 0.8.2
Serendipity
Version 0.8.3
Serendipity
Version 0.8.4
Serendipity
Version 0.8.5
Serendipity
Version 0.8
Serendipity
Version 0.9.1
Serendipity
Version 0.9
Serendipity
Version 1.0_beta1
Serendipity
Version 1.0_beta2

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.