ГлавнаяУязвимости → CVE-2023-53933
8.8высокая

CVE-2023-53933

Описание

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

Затрагиваемое ПО
S9y Serendipity
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://docs.s9y.org/https://www.exploit-db.com/exploits/51372https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-uploadhttps://www.exploit-db.com/exploits/51372