CVE-2015-6968

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 2.0.2

Description The issue is related to multiple incomplete blacklist vulnerabilities in the serendipity isActiveFile function, located in include/functions images.inc.php. This allows remote authenticated users to execute arbitrary PHP code by uploading files with specific extensions, such as .pht or .phtml.

Recommendations For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only trusted users or disabling the upload functionality until the update is applied. Additionally, restrict access to the serendipity isActiveFile function in include/functions images.inc.php to minimize the risk of exploitation.