Количество 3
Количество 3
CVE-2018-20718
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
CVE-2018-20718
In Pydio before 8.2.2, an attack is possible via PHP Object Injection ...
GHSA-qhmw-m62m-p9xh
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-20718 In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link. | CVSS3: 9.8 | 9% Низкий | около 7 лет назад |
| CVE-2018-20718 In Pydio before 8.2.2, an attack is possible via PHP Object Injection ... | CVSS3: 9.8 | 9% Низкий | около 7 лет назад |
| GHSA-qhmw-m62m-p9xh In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link. | CVSS3: 9.8 | 9% Низкий | больше 3 лет назад |
Уязвимостей на страницу