CVE-2013-6227

Name of the Vulnerable Software and Affected Versions Pydio versions prior to 5.0.4

Description The issue is related to an unrestricted file upload vulnerability in the Zoho plugin. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it at a specified location. The vulnerability can be exploited by utilizing the format parameter of a move operation.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugins/editor.zoho/agent/save zoho.php file to minimize the risk of exploitation. Avoid using the format parameter in move operations until the issue is resolved.