Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pydio vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2013-4267
Ajaxeplorer prior to 5.0.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function ...
Pydio Pydio
7.5
CVSSv2
CVE-2019-9642
An issue exists in proxy.php in pydio-core in Pydio up to and including 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution...
Pydio Pydio
9
CVSSv2
CVE-2018-14772
Pydio 4.2.1 up to and including 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.
Pydio Pydio
8.5
CVSSv2
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrar...
Pydio Pydio
6.5
CVSSv2
CVE-2019-20452
A problem was found in Pydio Core prior to 8.2.4 and Pydio Enterprise prior to 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Pydio Pydio
5
CVSSv2
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.
Pydio Pydio 8.2.2
4
CVSSv2
CVE-2019-15033
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
Pydio Pydio 6.0.8
5
CVSSv2
CVE-2019-15032
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal ...
Pydio Pydio 6.0.8
7.5
CVSSv2
CVE-2013-6227
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) prior to 5.0.4 allows remote malicious users to execute arbitrary code by uploading an executable file, and then accessing this file at a location s...
Pydio Pydio
Ajaxplorer Ajaxplorer
1 EDB exploit
NA
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user,...
Pydio Cells
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »