Jazz

**Name of the Vulnerable Software and Affected Versions** Pydio versions prior to 5.0.4 **Description** The issue is related to an unrestricted file upload vulnerability in the Zoho plugin. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it at a specified location. The vulnerability can be exploited by utilizing the `format` parameter of a move operation. **Recommendations** For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `plugins/editor.zoho/agent/save zoho.php` file to minimize the risk of exploitation. Avoid using the `format` parameter in move operations until the issue is resolved.