Sensitive Information Exposure in Pydio Cells before 1.5.0 via Unicode Name Field

Sensitive Information Exposure in Pydio Cells before 1.5.0 via Unicode Name Field

CVE-2019-12903 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information.

Learn more about our Web Application Penetration Testing UK.