There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.Referenceshttp://seclists.org/fulldisclosure/2017/Apr/52https://github.com/s9y/Serendipity/issues/452
