Vulnerabilities > Pydio > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-08 CVE-2023-32749 Incorrect Authorization vulnerability in Pydio Cells
Pydio Cells allows users by default to create so-called external users in order to share files with them.
network
low complexity
pydio CWE-863
8.8
2020-06-11 CVE-2020-12850 Improper Privilege Management vulnerability in Pydio Cells 2.0.4
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4.
local
high complexity
pydio CWE-269
7.0
2020-06-04 CVE-2020-12851 Path Traversal vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom-generated ZIP file and leveraging the file extraction feature present in the web application.
network
low complexity
pydio CWE-22
8.1
2020-06-04 CVE-2020-12847 Unspecified vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role.
network
low complexity
pydio
7.2
2020-03-17 CVE-2019-20453 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
8.8
2020-03-17 CVE-2019-20452 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
8.8
2019-09-19 CVE-2019-15033 Server-Side Request Forgery (SSRF) vulnerability in Pydio 6.0.8
Pydio 6.0.8 allows authenticated SSRF during a Remote Link Feature download.
network
low complexity
pydio CWE-918
7.7
2019-06-20 CVE-2019-12901 Path Traversal vulnerability in Pydio Cells
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to upload files to, and delete files/folders from, an unprivileged directory, leading to privilege escalation.
network
low complexity
pydio CWE-22
8.8
2019-05-31 CVE-2019-10049 Cross-site Scripting vulnerability in Pydio
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, which in turn opens a shared file that contains JavaScript code. That code is executed in the context of the victim user to obtain sensitive information such as session identifiers and to perform actions on the victim's behalf.
network
low complexity
pydio CWE-79
7.3
2019-05-31 CVE-2019-10048 OS Command Injection vulnerability in Pydio
The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user-supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server.
network
low complexity
pydio CWE-78
7.2