VYPR

Pydio Cells

by Pydio

CVEs (4)

  • CVE-2010-10013CriAug 8, 2025
    risk 0.64cvss epss 0.01

    An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer…

  • CVE-2019-15033HigSep 19, 2019
    risk 0.50cvss 7.7epss 0.01

    Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

  • CVE-2019-15032MedSep 19, 2019
    risk 0.35cvss 5.3epss 0.02

    Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal…

  • CVE-2023-2979MedMay 30, 2023
    risk 0.31cvss 4.7epss 0.01

    A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been…