S9Y » Serendipity » 0.5 : Security Vulnerabilities, CVEs, (Code Execution)
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Max CVSS
9.8
EPSS Score
2.22%
Published
2020-03-25
Updated
2020-03-27
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Max CVSS
9.8
EPSS Score
1.34%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
Max CVSS
6.0
EPSS Score
1.42%
Published
2009-12-24
Updated
2017-08-17
5 vulnerabilities found