Serendipity Unspecified SQL Injection Vulnerability
1.6.1 and prior versions
A vulnerability was reported in Serendipity. A remote user can inject SQL commands.
The 'include/functions_trackbacks.inc.php' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
A remote user can execute SQL commands on the underlying database.
The vendor has issued a fix (1.6.2).