3 matches found
CVE-2019-12901
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation...
CVE-2019-12901
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation...
CVE-2019-12901
Pydio Cells (before version 1.5.0) contains an input handling flaw where '../../' path elements are not neutralized, enabling a user with minimal privileges to upload or delete files in an unprivileged directory and thus escalate privileges. The issue is documented across multiple sources (NVD, R...