Vulnerabilities > CVE-2009-4412 - File-Upload vulnerability in Serendipity

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

s9y

NVD

Published: 2009-12-24

Updated: 2017-08-17

Summary

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	S9Y S9Y Serendipity 0.3 S9Y Serendipity 0.4 S9Y Serendipity 0.5 S9Y Serendipity 0.6 S9Y Serendipity 0.7 S9Y Serendipity 0.7.1 S9Y Serendipity 0.8 S9Y Serendipity 0.8.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.3 S9Y Serendipity 0.8.4 S9Y Serendipity 0.8.5 S9Y Serendipity 0.9 S9Y Serendipity 0.9.1 S9Y Serendipity 1.0 S9Y Serendipity 1.0.1 S9Y Serendipity 1.0.2 S9Y Serendipity 1.0.3 S9Y Serendipity 1.0.4 S9Y Serendipity 1.1 S9Y Serendipity 1.1.1 S9Y Serendipity 1.1.2 S9Y Serendipity 1.1.3 S9Y Serendipity 1.1.4 S9Y Serendipity 1.2 S9Y Serendipity 1.2.1 S9Y Serendipity 1.3 S9Y Serendipity 1.3.1 S9Y Serendipity 1.4 S9Y Serendipity 1.4.1 S9Y Serendipity *	34

Summary

Vulnerable Configurations

References