PT-2018-15197 · Pydio · Pydio

Mike Gualtieri · Published 2018-07-23 · Updated 2018-09-20 · CVE-2018-1999018

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Pydio versions 8.2.1 and prior

Description

The issue is related to unvalidated user input, leading to remote code execution. This can result in an attacker gaining admin access and executing arbitrary commands on the underlying OS. The attack is exploitable by editing the Antivirus Command in the antivirus plugin and executing the payload by uploading any file within Pydio.

Recommendations

For Pydio versions 8.2.1 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-1999018

Affected Products

Pydio