Remote Code Execution Vulnerability in Pydio by FDR
CVE-2018-1999018

6.6MEDIUM

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 3 October 2022

What is CVE-2018-1999018?

Pydio versions up to 8.2.1 are susceptible to a vulnerability that stems from unvalidated user input in the antivirus plugin. This flaw can allow an attacker to modify the Antivirus Command within the plugin, leading to remote code execution on the server. Should an attacker successfully exploit this vulnerability, they gain admin access, enabling them to execute arbitrary commands directly on the underlying operating system. It is crucial for users of Pydio to take immediate action to mitigate this risk.

References

https://www.mike-gualtieri.com/files/Pydio-8-Vulnerabilit...

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Jul 17, 2018

CVE-2018-1999018 Data

JSON