SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/20119
http://securitytracker.com/id?1013699