Serendipity Remote Code Execution

HIGH (7.2) No Patch (9 days)

Threat Intelligence

Low Risk
EPSS Score: 0.57% chance of exploitation (percentile: 68%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Serendipity is a web-based content management system used by some organizations for managing and publishing online content. The vulnerability allows authenticated administrators to upload malicious PHP files through the media upload functionality, potentially leading to arbitrary system command execution on the web server.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Serendipity Team / Serendipity

How to fix

  1. Upgrade to Serendipity version 2.6.0 or later from the official website: https://docs.s9y.org/
  2. If an immediate upgrade isn't possible:
     - Restrict network access to your Serendipity instance (firewall it from the public internet)
     - Audit admin account activity for suspicious access patterns
     - Monitor the media upload directory for unauthorized files, in particular anything the web server would execute as PHP
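As an added example (not from the advisory or the Serendipity project) of the last mitigation step, the scanner below walks a media upload directory and flags files that should never sit in a media tree: files with an executable PHP suffix anywhere in the name (including double extensions), files whose content carries a PHP open tag regardless of extension, and per-directory server config files that can remap harmless extensions to PHP. The upload directory path and the suffix list are assumptions to adjust to your deployment; the sample tree is constructed inside a temp directory so the script runs offline.

```python
import re
import tempfile
from pathlib import Path

# Suffixes a typical PHP handler mapping executes (assumption: match to your server config).
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
# PHP open tags: "<?php", "<?=" and the short "<?" form (active when short_open_tag is on).
# "<?xml" in SVG files does not match because 'x' is neither whitespace nor 'php'/'='.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)
# Per-directory server config files that can remap harmless extensions to PHP.
CONFIG_FILES = {".htaccess", ".user.ini"}

def scan_uploads(upload_dir: str, head_bytes: int = 1 << 20) -> list[dict]:
    """Return one finding per file under upload_dir that should not be in a media tree."""
    root = Path(upload_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        # Any executable suffix anywhere in the name also catches double extensions.
        if any(s.lower() in EXECUTABLE_EXTS for s in path.suffixes):
            reasons.append("executable extension in filename")
        # Inspect content regardless of extension: a PHP tag inside a "PNG" is a polyglot.
        with path.open("rb") as fh:
            if PHP_TAG.search(fh.read(head_bytes)):
                reasons.append("PHP open tag in content")
        if path.name in CONFIG_FILES:
            reasons.append("server config file in upload tree")
        if reasons:
            findings.append({"path": path.relative_to(root).as_posix(), "reasons": reasons})
    return findings

def demo() -> list[dict]:
    """Scan a constructed sample tree (not real Serendipity data) and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "2024" / "05"
        d.mkdir(parents=True)
        (d / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)         # clean JPEG header
        (d / "diagram.svg").write_bytes(b'<?xml version="1.0"?><svg/>')            # clean, has "<?xml"
        (d / "avatar.php").write_bytes(b"<?php echo 'hello'; ?>")                  # plain PHP file
        (d / "cover.jpg.php").write_bytes(b"GIF89a")                                # double extension
        (d / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n<?php echo 'hidden'; ?>")   # polyglot
        (d / ".htaccess").write_bytes(b"# constructed sample\n")                    # handler remap file
        return scan_uploads(tmp)

if __name__ == "__main__":
    for f in demo():
        print(f["path"], "->", ", ".join(f["reasons"]))
```

Point `scan_uploads()` at the real upload directory from a cron job or a file-integrity monitor and alert on any non-empty result; a clean media tree should return nothing.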