PROBLEM:
Serendipity Unspecified SQL Injection Vulnerability
PLATFORM:
1.6.1 and prior versions
ABSTRACT:
A vulnerability was reported in Serendipity. A remote user can inject SQL commands.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027079
Secunia Advisory SA49234
CVE-2012-2762
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
IMPACT:
A remote user can execute SQL commands on the underlying database.
SOLUTION:
The vendor has issued a fix (1.6.2).