← Back

CVE-2018-1999018

nvd nist
Published: Jul 23, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.6
Vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 / Impact: 5.9
Source: NVD

Description

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.

Affected (1)

Products: Pydio: Pydio
Pydio
1 product
Pydio
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Pydio
Up to 8.2.1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: cve@mitre.org
ExploitMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMitigationThird Party Advisory

Timeline

No history available yet.