Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-6227. PoCs published by _jazz______.
AI-analyzed exploit summary
This exploit demonstrates an unauthenticated arbitrary file upload and read vulnerability in Pydio/AjaXplorer due to insufficient sanitization of user-supplied input in the 'save_zoho.php' script. It allows directory traversal via the 'format' and 'name' parameters, enabling file uploads and reads in arbitrary locations.
Description
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.