PHP Object Injection Vulnerability in Pydio before 8.2.2

PHP Object Injection Vulnerability in Pydio before 8.2.2

CVE-2018-20718 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

Learn more about our User Device Pen Test.