Описание
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
Ссылки
- ExploitThird Party Advisory
- Product
- Release Notes
- ExploitThird Party Advisory
- Product
- Release Notes
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pydio:pydio:6.0.8:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.7
debian
больше 6 лет назад
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...
CVSS3: 7.7
github
больше 3 лет назад
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
EPSS
Процентиль: 54%
0.0031
Низкий
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918