Serendipity Security Vulnerabilities and Issues — Serendipity CVE List

Lucene search

S9ySerendipity

4 matches found

CVE•added 2020/03/25 10:15 p.m.•73 views

CVE-2020-10964

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

9.8CVSS9.7AI score0.03798EPSS

CVE•added 2019/05/24 6:29 p.m.•60 views

CVE-2016-10752

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

9.8CVSS9.7AI score0.00748EPSS

CVE•added 2016/12/30 7:59 a.m.•36 views

CVE-2016-10082

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generat...

9.8CVSS9.4AI score0.0164EPSS

CVE•added 2019/11/05 9:15 p.m.•33 views

CVE-2011-1134

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

9.8CVSS8.5AI score0.05004EPSS