I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents, if one fixes that it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look:

GitHub

Exploit (probably bogus) on exploit-db · Issue #940 · s9y/Serendipity

I stumbled upon this: https://www.exploit-db.com/exploits/52036 This claims to be a remote code execution exploit for serendipity. I believe it is ...