Candidate: CVE-2017-5609
PublicDate: 2017-01-28 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5609
 https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6
 https://github.com/s9y/Serendipity/releases/tag/2.1-rc1
Description:
 SQL injection vulnerability in include/functions_entries.inc.php in
 Serendipity 2.0.5 allows remote authenticated users to execute arbitrary
 SQL commands via the cat parameter.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_serendipity:
 upstream: https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6
upstream_serendipity: needed
precise_serendipity: ignored (reached end-of-life)
precise/esm_serendipity: DNE (precise was needed)
trusty_serendipity: DNE
trusty/esm_serendipity: DNE
vivid/stable-phone-overlay_serendipity: DNE
vivid/ubuntu-core_serendipity: DNE
xenial_serendipity: DNE
yakkety_serendipity: DNE
zesty_serendipity: DNE
devel_serendipity: DNE