Unrated severityOSV Advisory· Published Jan 15, 2019· Updated Aug 5, 2024
CVE-2018-20718
CVE-2018-20718
Description
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 6.2rc, ajaxplorer-core-4.3.1, ajaxplorer-core-4.3.2, …
Patches
Vulnerability mechanics
References
1- blog.ripstech.com/2018/pydio-unauthenticated-remote-code-execution/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.