PT-2019-13010 · Pydio · Pydio Cells
Publicado
2019-06-19
·
Atualizado
2020-08-24
·
CVE-2019-12901
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pydio Cells versions prior to 1.5.0
Description
The issue allows an attacker with minimum privilege to upload files to and delete files or folders from an unprivileged directory. This can lead to privilege escalation due to the failure to neutralize '../' elements.
Recommendations
For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pydio Cells