AI Score
Confidence
High
EPSS
Percentile
90.6%
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html
github.com/s9y/Serendipity/releases/tag/2.3.4