CVE-2018-1999018

Source
https://cve.org/CVERecord?id=CVE-2018-1999018
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999018.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1999018
Published
2018-07-23T15:29:00.657Z
Modified
2026-04-10T04:08:02.308239Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Pydio version 8.2.1 and prior contains an unvalidated user input vulnerability leading to Remote Code Execution (RCE) in plugins/action.antivirus/AntivirusScanner.php, line 124, scanNow($nodeObject), that can result in an attacker gaining admin access and then executing arbitrary commands on the underlying OS. This attack appears to be exploitable when the attacker edits the Antivirus Command in the antivirus plugin and executes the payload by uploading any file within Pydio.

References

Affected packages

Git / github.com/pydio/pydio-core

Affected ranges

Type
GIT
Repo
https://github.com/pydio/pydio-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.2.1"
        }
    ]
}

Affected versions

6.*
6.2rc
ajaxplorer-core-4.*
ajaxplorer-core-4.3.1
ajaxplorer-core-4.3.2
ajaxplorer-core-4.3.3
ajaxplorer-core-4.3.4
ajaxplorer-core-5.*
ajaxplorer-core-5.0.0
ajaxplorer-core-5.0.1
ajaxplorer-core-5.0.2
pydio-core-5.*
pydio-core-5.1.0
pydio-core-5.1.1
pydio-core-5.2.0
pydio-core-5.2.1
pydio-core-5.2.2
pydio-core-5.2.3
pydio-core-5.2.4
pydio-core-5.2.5
pydio-core-6.*
pydio-core-6.0.0
pydio-core-6.0.1
pydio-core-6.0.2
pydio-core-6.0.3
pydio-core-6.0.4
pydio-core-6.0.5
pydio-core-6.0.6
pydio-core-6.0.7
pydio-core-6.0.8
pydio-core-6.2.0
pydio-core-6.2.1
pydio-core-6.2.2
pydio-core-6.2.2rc
pydio-core-6.2.2rc2
pydio-core-6.2.2rc3
pydio-core-6.3.1
pydio-core-6.4.0
pydio-core-6.4.0rc1
pydio-core-6.4.0rc2
pydio-core-6.4.0rc3
pydio-core-6.4.1
pydio-core-6.4.2
pydio-core-6.4.2rc1
pydio-core-7.*
pydio-core-7.0.2
pydio-core-7.0.3
pydio-core-8.*
pydio-core-8.0.1
pydio-core-8.2.0
pydio-core-8.2.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999018.json"