First published: Wed Jun 19 2019(Updated: )
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Abstrium Pydio Cells | <1.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2019-12901.
The title of this vulnerability is 'Pydio Cells before 1.5.0 fails to neutralize ../ elements allowing an attacker with minimum privilege...'.
The severity level of CVE-2019-12901 is high.
The affected software version is Pydio Cells up to but not including 1.5.0.
This vulnerability can be exploited by an attacker with minimum privilege to upload and delete files/folders in an unprivileged directory, leading to privilege escalation.