CVE-2006-6242

Name of the Vulnerable Software and Affected Versions Serendipity versions 1.0.3 and earlier

Description The issue allows remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter. This affects multiple scripts and plugins, including include/lang.inc.php and various serendipity event and serendipity plugin files.

Recommendations For Serendipity versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the affected scripts and plugins until a patch is available. Avoid using the serendipity[charset] parameter in affected API endpoints until the issue is resolved.