File Upload and Deletion Vulnerability in Pydio Cells by Pydio
CVE-2019-12901

8.8HIGH

Key Information:

Vendor: Pydio
Status: Cells
Vendor: CVE Published:; 20 June 2019

What is CVE-2019-12901?

Pydio Cells versions prior to 1.5.0 contain a vulnerability that fails to adequately neutralize directory traversal sequences, specifically '../' elements. This flaw allows attackers with low-level privileges to upload or delete files and directories in areas where they should not have access. Such actions can lead to unauthorized privilege escalation, posing a significant security risk to systems utilizing this software.

References

https://research.loginsoft.com/vulnerability/multiple-vul...

x_refsource_MISC

https://pydio.com/en/community/releases/pydio-cells/pydio...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Jun 19, 2019

CVE-2019-12901 Data

JSON