Description
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46206/
Patch, Vendor Advisory x_refsource_misc
http://pyd.io/pydio-core-5-0-4/
URL Repurposed x_refsource_misc
http://www.redfsec.com/CVE-2013-6227
Scores
EPSS
0.1941
EPSS Percentile
95.4%
Details
Status
published
Products (2)
ajaxplorer/ajaxplorer
< 5.0.3
pydio/pydio
< 5.0.3
Published
Dec 27, 2014
Tracked Since
Feb 18, 2026