Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
References
Link | Resource |
---|---|
http://pyd.io/pydio-core-5-0-4/ | Patch Vendor Advisory |
http://www.redfsec.com/CVE-2013-6227 | |
https://www.exploit-db.com/exploits/46206/ |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-12-27 10:59
Updated : 2019-01-19 03:29
NVD link : CVE-2013-6227
Mitre link : CVE-2013-6227
JSON object : View
CWE
Products Affected
ajaxplorer
- ajaxplorer
pydio
- pydio