First published: Thu Jun 04 2020
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Abstrium Pydio Cells | =2.0.4 | |
CVE-2020-12851 is a vulnerability in Pydio Cells 2.0.4 that allows an authenticated user to write or overwrite existing files in another user's personal and cells folders by uploading a custom generated ZIP file.
CVE-2020-12851 has a severity rating of 8.1, which is considered high.
CVE-2020-12851 affects Pydio Cells version 2.0.4.
The CWE ID for CVE-2020-12851 is CWE-22.
Yes, you can refer to the following links for more information:

- [Pydio Cells 2.0.4 XSS File Write Code Execution - Packet Storm Security](http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html)
- [Core Security Advisories](https://www.coresecurity.com/advisories)
- [Pydio Cells 2.0.4 Multiple Vulnerabilities - Core Security](https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities)
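The check that the CWE-22 classification calls for in a ZIP extraction feature, vetting every entry name against the destination folder before anything is written, shown here as an added example; it is not Pydio Cells code or the vendor's fix. The root `/personal/alice`, the entry names and the function names are constructed for illustration, and the example assumes the traversal is carried in the archive's entry names.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"path"
	"strings"
)

// resolveEntry maps a ZIP entry name under root; absolute names and ".." escapes are rejected.
func resolveEntry(root, name string) (string, error) {
	n := strings.ReplaceAll(name, `\`, "/") // treat "\" as a separator too
	target := path.Join(root, n)            // Join cleans "." and ".." segments
	if n == "" || path.IsAbs(n) || !strings.HasPrefix(target, path.Clean(root)+"/") {
		return "", fmt.Errorf("unsafe entry name %q", name)
	}
	return target, nil
}

// checkArchive vets every entry name first; extract only if the returned slice is empty.
func checkArchive(data []byte, root string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) { // reader stays usable on ErrInsecurePath
		return nil, err
	}
	var bad []string
	for _, f := range zr.File {
		if _, err := resolveEntry(root, f.Name); err != nil {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

// sampleArchive builds a constructed in-memory ZIP with the given entry names.
func sampleArchive(names ...string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		zw.Create(n) // empty entries are enough for a name check
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(checkArchive(sampleArchive("docs/report.txt", "../bob/notes.txt"), "/personal/alice"))
}
```

The prefix comparison includes the trailing `/`, so a sibling folder such as `/personal/alice-evil` is not mistaken for a path inside `/personal/alice`.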