Command Injection Vulnerability in Pydio by Forks
CVE-2015-3431

9.8CRITICAL

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 19 September 2017

What is CVE-2015-3431?

The command injection vulnerability in Pydio (formerly known as AjaXplorer) allows attackers to execute arbitrary commands remotely. This issue exists in versions before 6.0.7 and can be exploited through unspecified vectors. Attackers leveraging this vulnerability can gain unauthorized control over the system, posing significant security risks. It is crucial for users of affected versions to update to the latest release to mitigate potential threats.

References

https://pydio.com/en/community/releases/pydio-core/pydio-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74596

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2017
Vulnerability Reserved
Apr 27, 2015

CVE-2015-3431 Data

JSON