Vulnerability in S9y Serendipity
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with…
EPSS: 0.008 (74.6th percentile) — read the EPSS interpretation.
Affected products
- S9y Serendipity
- N/a — versions n/a
References
- 20150902 Serendipity 2.0.1 - Code Execution (mailing-list, Exploit, x_refsource_FULLDISC, Patch)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)