Description
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Events Calendar 'event_id' Parameter SQL Injection (6.5.2)
Microsoft SQL Server CVE-2023-32027 Vulnerability (CVE-2023-32027)
Apache Tomcat CVE-2024-24549 Vulnerability (CVE-2024-24549)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21722)