Description
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.
References (5)
Core 5
Core References
Exploit, URL Repurposed x_refsource_misc
http://www.redfsec.com/CVE-2013-6226
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88667
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63647
Various Sources x_refsource_confirm
http://pyd.io/pydio-core-5-0-4
Scores
EPSS
0.0224
EPSS Percentile
80.7%
Details
CWE
CWE-22
Status
published
Products (37)
ajaxplorer/ajaxplorer
2.3.3
ajaxplorer/ajaxplorer
2.3.4
ajaxplorer/ajaxplorer
2.5
ajaxplorer/ajaxplorer
2.5.4
ajaxplorer/ajaxplorer
2.5.5
ajaxplorer/ajaxplorer
2.6.0
ajaxplorer/ajaxplorer
2.7.1
ajaxplorer/ajaxplorer
2.7.2
ajaxplorer/ajaxplorer
2.7.3
ajaxplorer/ajaxplorer
3.0
... and 27 more
Published
Nov 14, 2013
Tracked Since
Feb 18, 2026