CVE-2013-6227

Published: 27/12/2014 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) prior to 5.0.4 allows remote malicious users to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.

Vulnerable Product

pydio pydio

ajaxplorer ajaxplorer

Exploits

# Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 503 – 335
# Date: 01/18/2019
# Exploit Author: @_jazz______
# Vendor Homepage: pydiocom/
# Software Link: sourceforgenet/projects/ajaxplorer/files/ajaxplorer/stable-channel/423/ajaxplorer-core-423targz/download
# Version: ajaXplore ...
Pydio / AjaXplorer versions 5.0.3 and below suffer from an unrestricted upload functionality that allows for remote code execution ...
Pydio / AjaXplorer versions 5.0.3 and below suffer from directory traversal and remote shell upload vulnerabilities ...