Arbitrary Code Execution via Unrestricted File Upload in Zoho Plugin for Pydio

Arbitrary Code Execution via Unrestricted File Upload in Zoho Plugin for Pydio

CVE-2013-6227 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.

Learn more about our Web Application Penetration Testing UK.