Lucene search
+L

CVE-2019-10045

🗓️ 31 May 2019 21:09:15Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 272 Views🌐 WEB

"Pydio web app 8.2.2 discloses session cookie enabling impersonation.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
zdt
Pydio 8 Command Execution / Cross Site Scripting Vulnerabilities
29 Mar 201900:00
zdt
cvelist
CVE-2019-10045
31 May 201921:09
cvelist
euvd
EUVD-2019-2109
7 Oct 202500:30
euvd
nvd
CVE-2019-10045
31 May 201922:29
nvd
openvas
Pydio Core <= 8.2.2 Multiple Vulnerabilities
3 Jun 201900:00
openvas
packetstorm
Pydio 8 Command Execution / Cross Site Scripting
29 Mar 201900:00
packetstorm
prion
Design/Logic Flaw
31 May 201922:29
prion
redhatcve
CVE-2019-10045
22 May 202508:06
redhatcve
NVD
Node
pydiopydioRange8.2.2
ParameterPositionPathDescriptionCWE
get_actionrequest bodyindex.phpDisclosure of current user session identifier via get_sess_id (session cookie value returned in response).CWE-384
get_sess_idrequest bodyindex.phpDisclosure of current user session identifier via get_sess_id (session cookie value returned in response).CWE-384
secure_tokenrequest bodyindex.phpDisclosure of current user session identifier via get_sess_id (session cookie value returned in response).CWE-384
get_actionrequest bodyindex.phpUnauthenticated/information exposure via display_doc to reveal application/version information (CREDITS).CWE-384
doc_filerequest bodyindex.phpUnauthenticated/information exposure via display_doc to reveal application/version information (CREDITS).CWE-384
secure_tokenrequest bodyindex.phpUnauthenticated/information exposure via display_doc to reveal application/version information (CREDITS).CWE-384
get_actionquery paramindex.php?get_action=get_boot_confInformation disclosure of boot/configuration data via get_boot_conf.CWE-384
get_actionquery paramindex.phpStored XSS path: open_file for xss.html enabling script execution when opened by admin user.CWE-384
repository_idquery paramindex.phpStored XSS path: open_file for xss.html enabling script execution when opened by admin user.CWE-384
filequery paramindex.phpStored XSS path: open_file for xss.html enabling script execution when opened by admin user.CWE-384
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:10Current
6.5Medium risk
Vulners AI Score6.5
CVSS 26.4
CVSS 36.5
EPSS0.01031
272