Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) prior to 5.0.4 allows remote malicious users to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pydio pydio |
||
ajaxplorer ajaxplorer |