Vulnerabilities > Pydio > Pydio > 4.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-23 | CVE-2018-1999018 | Improper Input Validation vulnerability in Pydio Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. | 8.5 |
| 2018-07-23 | CVE-2018-1999017 | Server-Side Request Forgery (SSRF) vulnerability in Pydio Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. | 4.0 |
| 2018-07-23 | CVE-2018-1999016 | Cross-site Scripting vulnerability in Pydio Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. | 4.3 |
| 2017-09-19 | CVE-2015-3432 | Cross-site Scripting vulnerability in Pydio Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | 4.3 |
| 2017-09-19 | CVE-2015-3431 | OS Command Injection vulnerability in Pydio Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | 10.0 |