File Upload Vulnerability in Pydio Cells by Pydio
CVE-2020-12851

8.1HIGH

Key Information:

Vendor

Pydio

Status
Cells
Vendor
CVE Published:
4 June 2020

What is CVE-2020-12851?

Pydio Cells 2.0.4 is susceptible to a file upload vulnerability that allows authenticated users to write or overwrite files in other users' personal and shared folders. This is achieved by uploading a specially crafted ZIP file, which exploits the application's file extraction mechanism. Consequently, the extracted files are directed to the targeted user’s folders, posing a significant risk to user data integrity and confidentiality.

References

https://www.coresecurity.com/advisories
x_refsource_MISC
https://www.coresecurity.com/core-labs/advisories/pydio-c...
x_refsource_MISC
http://packetstormsecurity.com/files/158002/Pydio-Cells-2...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.