CVE-2018-20718

This is a POC for CVE-2018-20718. It is a PHP Object injection vulnerability. The vulnerability affects all versions of Pydio before 8.2.1 and leads to Unauthenticated Remote Code Execution. It was originally found by RIPS. I found a gadget in Pydio\Core\Controller\ShutdownScheduler which allows remote code execution if combined with the already known GuzzleHttp\Psr