CVE-2023-53933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53933

Published

2025-12-17T23:15:52.973Z

Modified

2025-12-26T09:49:45.758014Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

References

Affected packages

Git / github.com/s9y/serendipity

Affected ranges

Type: GIT
Repo: https://github.com/s9y/serendipity
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4abf02c1a382c416c87e0848201242a7855a85db

Affected versions

2.*

2.1-beta1

2.1-beta2

2.1-beta3

2.1-rc1

2.1.0

2.1.1

2.2.1-alpha1

2.3-beta1

2.3-rc1

2.3.0

2.4-beta1

2.4.0

Other

svn

v1.*

v1.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53933.json"