Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio pydio vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-10048
The ImageMagick plugin that is installed by default in Pydio up to and including 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in co...
Pydio Pydio
8.8
CVSSv3
CVE-2019-20453
A problem was found in Pydio Core prior to 8.2.4 and Pydio Enterprise prior to 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Pydio Pydio
9.8
CVSSv3
CVE-2018-20718
In Pydio prior to 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of su...
Pydio Pydio
1 Github repository
7.2
CVSSv3
CVE-2018-14772
Pydio 4.2.1 up to and including 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.
Pydio Pydio
7.3
CVSSv3
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio up to and including 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in...
Pydio Pydio
5.3
CVSSv3
CVE-2019-15032
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal ...
Pydio Pydio 6.0.8
7.7
CVSSv3
CVE-2019-15033
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
Pydio Pydio 6.0.8
5.3
CVSSv3
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.
Pydio Pydio 8.2.2
NA
CVE-2013-6227
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) prior to 5.0.4 allows remote malicious users to execute arbitrary code by uploading an executable file, and then accessing this file at a location s...
Pydio Pydio
Ajaxplorer Ajaxplorer
1 EDB exploit
6.5
CVSSv3
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »