Skip to main content

Cells

16 CVEs product

Monthly

CVE-2023-32751 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2023-32750 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-32749 HIGH POC THREAT This Week

Pydio Cells allows users by default to create so-called external users in order to share files with them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
14.2%
CVE-2021-41324 MEDIUM This Month

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-41325 MEDIUM This Month

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-41323 MEDIUM This Month

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-12850 HIGH POC This Week

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Cells
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-12849 MEDIUM POC This Month

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12848 MEDIUM POC This Month

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-12853 MEDIUM POC This Month

Pydio Cells 2.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12852 MEDIUM POC This Month

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-12851 HIGH POC This Week

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cells
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-12847 HIGH POC This Week

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-12903 MEDIUM This Month

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-12902 MEDIUM This Month

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-12901 HIGH This Week

Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Cells
NVD
CVSS 3.0
8.8
EPSS
1.7%
EPSS 3% CVSS 5.4
MEDIUM POC This Month

Pydio Cells through 4.1.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
EPSS 14% CVSS 8.8
HIGH POC THREAT This Week

Pydio Cells allows users by default to create so-called external users in order to share files with them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM This Month

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC This Week

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Cells
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Pydio Cells 2.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
EPSS 2% CVSS 6.8
MEDIUM POC This Month

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cells
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Cells
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy