Description
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
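The following added example is not Serendipity's code. It is a hypothetical sketch of the bug class described above: an extension denylist that misses `.pht` and `.phtml`, next to an allowlist check that does not depend on enumerating every executable extension. The function names, the denylist pattern and the allowed extensions are all assumptions made for illustration.

```php
<?php
// Hypothetical sketch; this is NOT serendipity_isActiveFile() from the project.

// Constructed "before": a denylist of executable extensions. Anything the
// author did not think of (here .pht and .phtml) is treated as inert.
function is_active_file_denylist(string $name): bool
{
    return (bool) preg_match('/\.(php[0-9]?|cgi|pl|py)$/i', $name);
}

// Allowlist alternative: only known inert types are accepted (assumed list).
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function is_upload_allowed(string $name): bool
{
    // Reduce to a bare file name and reject empty names, dotfiles and NUL bytes.
    $name = basename(str_replace('\\', '/', $name));
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return false;
    }

    // Check every dot-separated segment after the base name, because some
    // server configurations select a handler from any extension in the name.
    // This is deliberately strict: "my.holiday.jpg" is rejected as well.
    $segments = explode('.', strtolower($name));
    array_shift($segments);
    if ($segments === []) {
        return false; // no extension at all
    }
    foreach ($segments as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample file names.
$samples = ['photo.jpg', 'upload.php', 'upload.pht', 'upload.phtml', 'note.PHTML.txt'];
foreach ($samples as $f) {
    printf(
        "%-16s denylist_flags_active=%-5s allowlist_accepts=%s\n",
        $f,
        var_export(is_active_file_denylist($f), true),
        var_export(is_upload_allowed($f), true)
    );
}
```

An extension check of either kind is only one layer; storing uploads in a directory where the web server never invokes the PHP handler removes the dependency on the file name.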