CVE-2016-10752

2019-05-24T18:29:00
ID CVE-2016-10752
Type cve
Reporter cve@mitre.org
Modified 2019-05-29T14:33:00

Description

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.