CVE-2018-14772

EPSS 33.82%
Veröffentlicht 16.10.2018 22:29:01
Zuletzt bearbeitet 21.11.2024 03:49:45
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pydio ≫ Pydio Version >= 4.2.1 <= 8.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	33.82%	0.965

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://coastalsec.io/cve-2018-14772-remote-code-execution

Patch

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2018-14772

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14772

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14772

EUVD