The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
| Software | From | Fixed in |
|---|---|---|
| s9y / serendipity | 0.4 | 0.4.x |
| s9y / serendipity | 0.7 | 0.7.x |
| s9y / serendipity | 0.7_beta1 | 0.7_beta1.x |
| s9y / serendipity | 0.8_beta_6 | 0.8_beta_6.x |
| s9y / serendipity | 0.7.1 | 0.7.1.x |
| s9y / serendipity | 0.5_pl1 | 0.5_pl1.x |
| s9y / serendipity | 0.7_beta3 | 0.7_beta3.x |
| s9y / serendipity | 0.7_beta4 | 0.7_beta4.x |
| s9y / serendipity | 0.8_beta_5 | 0.8_beta_5.x |
| s9y / serendipity | 0.3 | 0.3.x |
| s9y / serendipity | 0.6_pl3 | 0.6_pl3.x |
| s9y / serendipity | 0.7_beta2 | 0.7_beta2.x |
| s9y / serendipity | 0.7_rc1 | 0.7_rc1.x |