Multiple Incomplete Blacklist Vulnerabilities in Serendipity by Serendipity Team
CVE-2015-6968

Currently unrated

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 16 September 2015

What is CVE-2015-6968?

Multiple incomplete blacklist vulnerabilities exist in the serendipity_isActiveFile function of include/functions_images.inc.php in Serendipity versions prior to 2.0.2. This allows remote authenticated users to exploit the software by uploading malicious files with .pht or .phtml extensions, potentially executing arbitrary PHP code on the server. Organizations using affected versions should apply available security updates to mitigate the risk of unauthorized code execution and enhance overall system security.

References

http://seclists.org/fulldisclosure/2015/Sep/6

mailing-listx_refsource_FULLDISC

http://blog.curesec.com/article/blog/Serendipity-201-Code...

x_refsource_MISC

http://packetstormsecurity.com/files/133426/Serendipity-2...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 16, 2015

JSON

S9y

What is CVE-2015-6968?

References

Timeline