CVE-2020-12851

Name of the Vulnerable Software and Affected Versions Pydio Cells version 2.0.4

Description The issue allows an authenticated user to write or overwrite existing files in another user's personal and cells folders by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.

Recommendations For Pydio Cells version 2.0.4, consider disabling the file extraction feature as a temporary workaround until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation.