CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10964

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile13.61th
PublishedMar 25, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

Affected Platforms (CPE)

πŸ“¦
S9y

Serendipity

< 2.3.4

References & Advisories

πŸ”— https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html
πŸ”— https://github.com/s9y/Serendipity/releases/tag/2.3.4
πŸ”— https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html
πŸ”— https://github.com/s9y/Serendipity/releases/tag/2.3.4

Related Vulnerabilities

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...

CVE-2016-100829.8

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution att...

CVE-2020-10964 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space