Description
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-35632 Vulnerability (CVE-2021-35632)
Atlassian Jira CVE-2020-14165 Vulnerability (CVE-2020-14165)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.11)
WordPress Plugin Auto Prune Posts Cross-Site Request Forgery (1.8.0)
PHP-Fusion Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1807)