Description
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.
References
- Product
- Exploit, Third Party Advisory, VDB Entry
- https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload (Third Party Advisory, Exploit)
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:s9y:serendipity:2.4.0:-:*:*:*:*:*:*
EPSS: 0.00443 (Low), percentile: 63%
CVSS3: 8.8 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 8.8
debian
about 2 months ago
Serendipity 2.4.0 contains a remote code execution vulnerability that ...
CVSS3: 8.8
github
about 2 months ago
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.