Vulnerabilities > S9Y > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2020-03-25 | CVE-2020-10964 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity | critical 9.8 (network, low complexity, s9y, CWE-434)
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot.

2019-11-05 | CVE-2011-1134 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity | critical 9.8 (network, low complexity, s9y, CWE-434)
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

2019-05-24 | CVE-2016-10752 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.0.3 | critical 9.8 (network, low complexity, s9y, CWE-434)
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

2016-12-30 | CVE-2016-10082 | Improper Access Control vulnerability in S9Y Serendipity | critical 9.8 (network, low complexity, s9y, CWE-284)
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.