Arbitrary File Write Vulnerability in Pydio Cells 2.0.4

Arbitrary File Write Vulnerability in Pydio Cells 2.0.4

CVE-2020-12851 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.

Learn more about our Web App Pen Testing.