CVE-2018-20718 - CERT CVE
ID CVE-2018-20718
Summary In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
References
CVSS
Base: 10.0
Impact: 10.0
Exploitability: 10.0
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
CVSS vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Last major update 24-08-2020 - 17:37
Published 15-01-2019 - 16:29