Arbitrary Command Execution in Pydio ImageMagick Plugin
CVE-2019-10048

7.2HIGH

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 31 May 2019

What is CVE-2019-10048?

The default ImageMagick plugin in Pydio version 8.2.2 lacks proper input validation and sanitization for configuration options. This oversight permits an authenticated administrator to execute arbitrary shell commands on the server, leveraging the privileges of the web server's local user account. This vulnerability underscores the importance of ensuring robust validation mechanisms within plugin configurations to prevent potential exploitation.

References

https://www.secureauth.com/labs/advisories

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2019
Vulnerability Reserved
Mar 25, 2019

CVE-2019-10048 Data

JSON