Unrated severityNVD Advisory· Published Sep 15, 2015· Updated May 6, 2026

CVE-2015-6943

Description

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.htmlnvdPatch
blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.htmlnvdExploit
packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2015/Sep/10nvdExploit
www.securitytracker.com/id/1033558nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000