cbcvebase.
CVE-2015-6968
published 2015-09-16

CVE-2015-6968: Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow…

PriorityP335medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
2.07%
79.1th percentile
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.

Affected

1 ranges
VendorProductVersion rangeFixed in
s9yserendipity<= 2.0.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.