AjaXplorer 'save_zoho.php' Arbitrary File Upload Vulnerability

AjaXplorer renamed Pydio is a software that enables file management functions on the remote side via local... An arbitrary file upload vulnerability exists in AjaXplorer 'savezoho.php' because the application fails to adequately filter user-supplied input. An attacker can exploit this vulnerabili...

PT-2014-3067 · Zoho +1 · Zoho +1

Name of the Vulnerable Software and Affected Versions: Pydio versions prior to 5.0.4 Description: The issue is related to an unrestricted file upload vulnerability in the Zoho plugin. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it at a...