CVE-2012-2332

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).

Date published : 2012-08-13

http://www.securityfocus.com/bid/53418

http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html