QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6968

Published: Sep 16, 2015

Modified: Sep 16, 2024

PUBLISHED

Description

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150902 Serendipity 2.0.1 - Code Execution

mailing-list

x_refsource_FULLDISC

http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html

x_refsource_MISC

http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html

x_refsource_MISC

http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.