CVE-2009-4412

Published: Dec 24, 2009Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.

Affected (34)

Products: S9y: Serendipity

S9y

1 product

Serendipity

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
S9y Serendipity	Up to 1.5
S9y Serendipity	Version 0.3
S9y Serendipity	Version 0.4
S9y Serendipity	Version 0.5
S9y Serendipity	Version 0.5 pl1
S9y Serendipity	Version 0.6
S9y Serendipity	Version 0.6 pl3
S9y Serendipity	Version 0.7.1
S9y Serendipity	Version 0.7
S9y Serendipity	Version 0.8.1
S9y Serendipity	Version 0.8.2
S9y Serendipity	Version 0.8.3
S9y Serendipity	Version 0.8.4
S9y Serendipity	Version 0.8.5
S9y Serendipity	Version 0.8
S9y Serendipity	Version 0.9.1
S9y Serendipity	Version 0.9
S9y Serendipity	Version 1.0.1
S9y Serendipity	Version 1.0.2
S9y Serendipity	Version 1.0.3
S9y Serendipity	Version 1.0.4
S9y Serendipity	Version 1.0
S9y Serendipity	Version 1.1.1
S9y Serendipity	Version 1.1.2
S9y Serendipity	Version 1.1.3
S9y Serendipity	Version 1.1.4
S9y Serendipity	Version 1.1
S9y Serendipity	Version 1.1 beta1
S9y Serendipity	Version 1.2.1
S9y Serendipity	Version 1.2
S9y Serendipity	Version 1.3.1
S9y Serendipity	Version 1.3
S9y Serendipity	Version 1.4.1
S9y Serendipity	Version 1.4