CNNVD-202512-1779 Information

Dec 10, 2025 cve

CNNVD ID

CNNVD-202512-1779

CVE-2024-58282

CNNVD Published: 2025-12-10

Description (Chinese)

Serendipity是Serendipity团队的一套基于PHP的博客系统。该系统支持创建在线日记、博客、网页等。 Serendipity 2.5.0版本存在代码问题漏洞，该漏洞源于认证管理员可通过媒体上传功能上传恶意PHP文件，可能导致远程代码执行。

Description (English)

Serendipity is a PHP-based blog system for the Serendipity team. The system supports the creation of online journals, blogs, web pages, etc. Version 2.5.0 of Serendipity has a code gap, which stems from the fact that the authentication administrator can upload a malicious PHP file through the media upload function, which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Serendipity

Published

2025-12-10

Last Modified

2026-02-24

References

https://docs.s9y.org/ https://www.s9y.org/latest https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload https://www.exploit-db.com/exploits/52036 https://access.redhat.com/security/cve/cve-2024-58282

Share on: