{"id":"CVE-2020-10964","details":"Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.","modified":"2026-04-10T04:21:38.994771Z","published":"2020-03-25T22:15:12.217Z","references":[{"type":"ADVISORY","url":"https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"},{"type":"ADVISORY","url":"https://github.com/s9y/Serendipity/releases/tag/2.3.4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/s9y/serendipity","events":[{"introduced":"0"},{"fixed":"b9037fb158dd30595011734bac05f6ae5ba4facf"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.4"}]}}],"versions":["2.1-beta1","2.1-beta2","2.1-beta3","2.1-rc1","2.1.0","2.1.1","2.2.1-alpha1","2.3-beta1","2.3-rc1","2.3.0","2.3.1","2.3.2","2.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10964.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}