UK Hosting Directory

Security update for Freetag Plugin

Thanks to Niels Provos we have been informed of a security issue in the Serendipity Freetag plugin (serendipity_event_freetag). Versions up to 3.08 contained a bug: a GET variable used in an SQL statement was not properly escaped, which made an SQL injection attack possible. The impact is considered low, because the affected query is only used to display meta keywords inside a blog entry, and the usual MySQL client libraries do not allow multiple stacked SQL queries (to drop tables, etc.) to be executed in a single call.
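
The bug class and the stacked-query point above, as an added example that is not the plugin's code. It uses Python's sqlite3 as a stand-in for PHP and MySQL; the table, column and function names are hypothetical, and it assumes the request value is a numeric entry id, which the notice does not state.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the plugin's tag table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entrytags (entryid INTEGER, tag TEXT)")
    db.executemany(
        "INSERT INTO entrytags VALUES (?, ?)",
        [(1, "php"), (1, "security"), (2, "private-draft")],
    )
    return db


def keywords_concat(db, entry_id):
    """'Before' form: the request value is pasted into the SQL text unescaped."""
    sql = "SELECT tag FROM entrytags WHERE entryid = " + entry_id
    return [row[0] for row in db.execute(sql)]


def keywords_bound(db, entry_id):
    """Hardened form: reject non-numeric input, then bind the value as a parameter."""
    if not (entry_id.isascii() and entry_id.isdigit()):
        return []
    rows = db.execute("SELECT tag FROM entrytags WHERE entryid = ?", (int(entry_id),))
    return [row[0] for row in rows]


def stacked_is_rejected(db, entry_id):
    """True when the driver refuses a second statement in one execute() call."""
    try:
        keywords_concat(db, entry_id)
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Constructed request values: a normal id, a widened condition, a stacked statement.
    print(keywords_concat(db, "1"))
    print(keywords_concat(db, "1 OR 1=1"))      # concatenation changes the WHERE clause
    print(stacked_is_rejected(db, "1; DROP TABLE entrytags"))
    print(keywords_bound(db, "1 OR 1=1"))       # bound form returns nothing for bad input
```

The single-statement limit stops the stacked `DROP`, but the concatenated query still returns rows outside the requested entry, which is why the fix is escaping or binding the value rather than relying on the client library.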
