CVE-2018-14772

HIGH

Pydio <8.2.1 - Authenticated Command Injection

Title source: llm

Description

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.

Exploits (2)

nomisec WORKING POC 1 stars

by killvxk · poc

https://github.com/killvxk/CVE-2018-14772

View Code ZIP pw:eip

inthewild

poc

https://github.com/spencerdodd/cve-2018-14772

View on inthewild

References (1)

[Patch, Technical Description, Third Party Advisory] http://coastalsec.io/cve-2018-14772-remote-code-execution

Scores

CVSS v3 7.2

EPSS 0.3382

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

pydio/pydio 4.2.1 - 8.2.1

Published Oct 16, 2018

Tracked Since Feb 18, 2026