Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53933)
Description
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.