CVE-2019-12901
HIGHPydio Cells < 1.5.0 - Path Traversal and Arbitrary File Write via Directory Traversal
Title source: llmDescription
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/
Release Notes, Vendor Advisory x_refsource_misc
https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security
Scores
CVSS v3
8.8
EPSS
0.0166
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
pydio/cells
< 1.5.0
Published
Jun 20, 2019
Tracked Since
Feb 18, 2026