CVE-2018-14772

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.
References
Link Resource
http://coastalsec.io/cve-2018-14772-remote-code-execution Patch Technical Description Third Party Advisory
http://coastalsec.io/cve-2018-14772-remote-code-execution Patch Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:49

Type Values Removed Values Added
References () http://coastalsec.io/cve-2018-14772-remote-code-execution - Patch, Technical Description, Third Party Advisory () http://coastalsec.io/cve-2018-14772-remote-code-execution - Patch, Technical Description, Third Party Advisory

Information

Published : 2018-10-16 22:29

Updated : 2024-11-21 03:49


NVD link : CVE-2018-14772

Mitre link : CVE-2018-14772

CVE.ORG link : CVE-2018-14772


JSON object : View

Products Affected

pydio

  • pydio
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')