Description

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

Remediation

References

CVE-2016-9752

Related Vulnerabilities

XWiki Improper Handling of Insufficient Privileges Vulnerability (CVE-2024-21648)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark SQL Injection (2.8.6)

WordPress 4.7.x Directory Traversal (4.7 - 4.7.28)

MySQL CVE-2017-10283 Vulnerability (CVE-2017-10283)

XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-34467)

Severity

High

Classification

CVE-2016-9752 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities