Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Serendipity 不完整黑名单漏洞
Vulnerability Description
Serendipity是Serendipity团队开发的一套基于PHP的博客系统。该系统支持创建在线日记、博客、网页等。 Serendipity 2.0.2之前版本的include/functions_images.inc.php脚本中的‘serendipity_isActiveFile’函数存在不完整黑名单漏洞。远程攻击者可通过上传带有.pht或.phtml扩展名的文件利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A