CVE-2024-58282

UNKNOWN 0.0

Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.

CWE	CWE-434
Vendor	serendipity
Product	serendipity
Published	Dec 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for serendipity serendipity

Be the first to know when new unknown vulnerabilities affecting serendipity serendipity are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Serendipity / Serendipity

2.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52036 docs.s9y.org: https://docs.s9y.org/ s9y.org: https://www.s9y.org/latest vulncheck.com: https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload

Credits

Ahmet Ümit BAYRAM