CVE-2018-1999018

Exploit

EPSS 2.82%
Veröffentlicht 23.07.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:57:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pydio ≫ Pydio Version <= 8.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.82%	0.856

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.6	0.7	5.9	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-1999018

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1999018

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1999018

EUVD