Unrated severity · OSV Advisory · Published Dec 17, 2025 · Updated Apr 7, 2026
Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload
CVE-2023-53933
Description
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with a .phar extension. Attackers can upload files containing system command payloads to the media upload endpoint and execute arbitrary commands on the server.
Affected products
- Range: 2.1-beta1, 2.1-beta2, 2.1-beta3, …
- Range: =2.4.0
References
- www.exploit-db.com/exploits/51372 (mitre, exploit)
- www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload (mitre, third-party-advisory)
- docs.s9y.org (mitre, product)