Description
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
XWiki Improper Neutralization of Alternate XSS Syntax Vulnerability (CVE-2023-35158)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)
WordPress Plugin Gravity Forms Cross-Site Scripting (2.0.6.5)