S9Y Serendipity 2.0.3 Remote Code Execution Vulnerability
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by “php” as a filename.
The information has been provided by Hendrik Buchwald.
The original article can be found at: https://demo.ripstech.com/scan/74/97
S9Y Serendipity is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
- S9Y Serendipity 2.0.3