An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows malicious users to execute arbitrary code via a crafted HTML or Javascript file.
s9y serendipity 2.4.0