CNNVD-202512-3180 Information

CNNVD ID

CNNVD-202512-3180

Related CVE

CVE-2023-53933

• CNNVD Published: 2025-12-17

Description (Chinese)

Serendipity是Serendipity团队的一套基于PHP的博客系统。该系统支持创建在线日记、博客、网页等。 Serendipity 2.4.0版本存在代码问题漏洞，该漏洞源于经过身份验证的攻击者可上传.phar扩展名的恶意PHP文件，可能导致远程代码执行。

Description (English)

Serendipity is a PHP-based blog system for the Serendipity team. The system supports the creation of online journals, blogs, web pages, etc. Version 2.4.0 of Serendipity has a code problem loophole, which stems from a malicious PHP file that can be uploaded by an identified attacker with a .phar extension and may lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Serendipity

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload https://docs.s9y.org/ https://www.exploit-db.com/exploits/51372 https://access.redhat.com/security/cve/cve-2023-53933

Patch

https://docs.s9y.org/downloads.html