CVE-2020-12851
HIGH
Pydio Cells 2.0.4 - Authenticated Path Traversal and Arbitrary File Write via ZIP Extraction
Title source: llm
Description
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories
Exploit, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
Scores
CVSS v3
8.1
EPSS
0.0145
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
pydio/cells
2.0.4
Published
Jun 04, 2020
Tracked Since
Feb 18, 2026