Vulnerabilities > CVE-2015-6968 - Unspecified vulnerability in S9Y Serendipity

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

s9y

NVD

Published: 2015-09-16

Updated: 2015-09-16

Summary

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	S9Y S9Y Serendipity 0.3 S9Y Serendipity 0.4 S9Y Serendipity 0.7 S9Y Serendipity 0.7.1 S9Y Serendipity 0.8 S9Y Serendipity 0.8.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.3 S9Y Serendipity 0.8.4 S9Y Serendipity 0.8.5 S9Y Serendipity 0.9 S9Y Serendipity 0.9.1 S9Y Serendipity 1.0 S9Y Serendipity 1.0.1 S9Y Serendipity 1.0.2 S9Y Serendipity 1.0.3 S9Y Serendipity 1.0.4 S9Y Serendipity 1.1 S9Y Serendipity 1.1.1 S9Y Serendipity 1.1.2 S9Y Serendipity 1.1.3 S9Y Serendipity 1.1.4 S9Y Serendipity 1.2 S9Y Serendipity 1.2.1 S9Y Serendipity 1.3 S9Y Serendipity 1.3.1 S9Y Serendipity 1.4 S9Y Serendipity 1.4.1 S9Y Serendipity 1.5.1 S9Y Serendipity 1.5.2 S9Y Serendipity 1.5.3 S9Y Serendipity 1.5.4 S9Y Serendipity 1.5.5 S9Y Serendipity 1.6 S9Y Serendipity 1.6.1 S9Y Serendipity 1.6.2 S9Y Serendipity 1.7 S9Y Serendipity 1.7.2 S9Y Serendipity 1.7.3 S9Y Serendipity 1.7.4 S9Y Serendipity 1.7.5 S9Y Serendipity 1.7.6 S9Y Serendipity 1.7.7 S9Y Serendipity 1.7.8 S9Y Serendipity 1.7.9 S9Y Serendipity 2.0 S9Y Serendipity 2.0.0 S9Y Serendipity 2.0.1	48

Summary

Vulnerable Configurations

References