CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-10964

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile13.61th
Published2020年3月25日
Last Modified2024年11月21日

Vulnerability Description

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

Affected Platforms (CPE)

📦
S9y

Serendipity

< 2.3.4

References & Advisories

🔗 https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html
🔗 https://github.com/s9y/Serendipity/releases/tag/2.3.4
🔗 https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html
🔗 https://github.com/s9y/Serendipity/releases/tag/2.3.4

関連する脆弱性情報

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...

CVE-2016-100829.8

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution att...