CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15033

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.0%

CVSS Severity

CVSS v3 Score 7.7

CVSS v2 Score 4.0

References

https://heitorgouvea.me/2019/09/17/CVE-2019-15033
https://pydio.com
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/
https://heitorgouvea.me/2019/09/17/CVE-2019-15033
https://pydio.com
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/

Products affected by CVE-2019-15033

Pydio » Pydio » Version: 6.0.8

cpe:2.3:a:pydio:pydio:6.0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15033

Products

Pricing

Contact Us