If you are using Serendipity, stop everything you are doing and read this:
Serendipity 1.5.3 has been released, as a security-fix release with no other relevant changes.
A security issue has been discovered by Stefan Esser during the course of the Month of PHP Security. This issue was found in the WYSIWYG-Library Xinha (that Serendipity uses), and affects certain plugins to Xinha (Linker, ImageManager, ExtendedFileManager, InsertSnippet) which can use a dynamic configuration loader. This loader allows to upload file with arbitrary PHP-Code and thus allows remote code execution, even when not logged in to the Xinha/Serendipity backend.
Due to the seriousness of this bug, we urge everyone to upgrade their installations. People who don’t want the hassle of a full upgrade and are not using the mentioned Xinha-plugins actively, can simply delete the file htmlarea/contrib/php-xinha.php, which will render the mentioned plugins and exploits useless.
Now go and update your blogs as soon as possible. You can either just remove that file or do a full-blown update. Our scanner will now also alert on old versions being used.
![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-390x183.jpg)
Denis Sinegubko
Fioravante Souza
Juliana Lewis
Victor Santoyo
Cesar Anjos
Ben Martin
Kayleigh Martin