Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2013/08/21/16 | Mailing List Third Party Advisory |
https://github.com/pydio/pydio-core/commit/22a62840e5ac14bb389 | Patch Third Party Advisory |
https://www.tenable.com/plugins/nessus/70495 | Third Party Advisory |
Configurations
Information
Published : 2020-02-11 04:15
Updated : 2020-02-12 11:54
NVD link : CVE-2013-4267
Mitre link : CVE-2013-4267
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
pydio
- pydio