CVE-2023-53933

HIGH

Serendipity 2.4.0 - Authenticated Remote Code Execution via PHAR File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53933. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit demonstrates an authenticated RCE vulnerability in Serendipity 2.4.0 via file upload. The attacker uploads a malicious PHAR file containing PHP code to execute system commands, leveraging improper file type validation.

Description

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with a .phar extension. Attackers can upload files containing system command payloads to the media upload endpoint and execute arbitrary commands on the server.

Exploits (1)

exploitdb WORKING POC
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51372


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Serendipity 2.4.0
Auth required
Prerequisites: Authenticated access to Serendipity admin panel · File upload permissions
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Core References
- Exploit, Third Party Advisory, VDB Entry (exploit): https://www.exploit-db.com/exploits/51372
- Product: https://docs.s9y.org/

Scores

CVSS v3 8.8
EPSS 0.0087
EPSS Percentile 54.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
s9y/serendipity 2.4.0
s9y/Serendipity 2.4.0
Published Dec 17, 2025
Tracked Since Feb 18, 2026