Directory Traversal Vulnerability in Pydio Cells before 1.5.0 Allows Privilege Escalation

Directory Traversal Vulnerability in Pydio Cells before 1.5.0 Allows Privilege Escalation

CVE-2019-12901 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.

Learn more about our Web Application Penetration Testing UK.