Vulnerability Description
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pydio | Cells | 2.0.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-CodThird Party Advisory
- https://www.coresecurity.com/advisoriesThird Party Advisory
- https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulneExploitThird Party Advisory
- http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-CodThird Party Advisory
- https://www.coresecurity.com/advisoriesThird Party Advisory
- https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulneExploitThird Party Advisory
FAQ
What is CVE-2020-12851?
CVE-2020-12851 is a vulnerability with a CVSS score of 8.1 (HIGH). Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging ...
How severe is CVE-2020-12851?
CVE-2020-12851 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12851?
Check the references section above for vendor advisories and patch information. Affected products include: Pydio Cells.