Описание
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
Ссылки
- PatchVendor Advisory
- URL Repurposed
- PatchVendor Advisory
- URL Repurposed
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.3 (включая)Версия до 5.0.3 (включая)
Одно из
cpe:2.3:a:ajaxplorer:ajaxplorer:*:*:*:*:*:*:*:*
cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09501
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
EPSS
Процентиль: 93%
0.09501
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other