Description
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Remediation
References
Related Vulnerabilities
WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.3.12)
WordPress Plugin Malware Finder Cross-Site Scripting (1.1)
WordPress Plugin WooCommerce PDF Invoice Bulk Download Cross-Site Scripting (1.0.0)
WordPress Plugin Smart Slideshow Arbitrary File Upload (2.4)
VMware directory traversal and privilege escalation vulnerabilities