Description
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)
WordPress Plugin Themify Builder Cross-Site Scripting (5.3.1)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35152)
OpenSSL Cryptographic Issues Vulnerability (CVE-2011-1945)
Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)