Description
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.20)
WordPress Plugin qTranslate Cross-Site Request Forgery (2.5.34)
WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)
Oracle Database Server CVE-2008-0342 Vulnerability (CVE-2008-0342)