PHP Code Execution Vulnerability in Pydio Core by Pydio
CVE-2019-9642

9.8CRITICAL

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 5 June 2019

What is CVE-2019-9642?

A vulnerability in the proxy.php file of Pydio Core allows for the execution of arbitrary PHP code through unauthenticated requests. By placing malicious PHP code in the specified location of a .php file, attackers can trigger the code execution via specific requests, compromising the integrity of the application. This vulnerability has implications for the security of Pydio, particularly affecting the management of file-sharing functionality.

References

https://github.com/pydio/pydio-core/commits/develop/core/...

x_refsource_MISC

https://pydio.com/en/community/releases/pydio-core/pydio-...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2019
Vulnerability Reserved
Mar 9, 2019

CVE-2019-9642 Data

JSON