Serendipity · Serendipity · CVE-2020-10964
**Name of the Vulnerable Software and Affected Versions**
Serendipity versions prior to 2.3.4
**Description**
The issue allows remote attackers to execute arbitrary code. This is possible because the filename of a renamed file may end with a dot, and this file may then be renamed to have a .php filename.
**Recommendations**
For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue.