Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-27T18:00:00
Updated: 2024-08-06T17:38:58.982Z
Reserved: 2013-10-21T00:00:00
Link: CVE-2013-6227
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-27T18:59:04.587
Modified: 2024-11-21T01:58:53.040
Link: CVE-2013-6227
Redhat
No data.