Serendipity prior to 2.3.4 on Windows allows remote malicious users to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
s9y serendipity |