CVE-2016-9752

Published December 1st, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

5

MEDIUM

Affected

1

PROJECT

Description

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

s9y/Serendipity

A PHP blog software

GitHub

225