CVE-2024-58282 HIGH

CVE-2024-58282: Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

Vendor Serendipity
Product Serendipity
Weakness CWE-434 · Unrestricted file upload
Published December 10, 2025
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.

Key dates

02 Disclosure timeline

December 10, 2025 CVE published
April 7, 2026 Record updated
