Product
pydio cells
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-32751 (affected: < 3.0.12)
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using
CVE-2023-32750 (affected: < 3.0.12)
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in
CVE-2023-32749 (affected: < 3.0.12)
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP re
CVE-2021-41324 (affected: all versions)
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate per
CVE-2021-41325 (affected: all versions)
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profil
CVE-2021-41323 (affected: all versions)
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or
CVE-2020-12850 (affected: all versions)
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterp
CVE-2020-12849 (affected: all versions)
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. Thes
CVE-2020-12848 (affected: all versions)
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user acc
CVE-2020-12853 (affected: all versions)
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and
CVE-2020-12852 (affected: all versions)
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to va
CVE-2020-12851 (affected: all versions)
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders
CVE-2020-12847 (affected: all versions)
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an ad
CVE-2019-12903 (affected: < 1.5.0)
Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the d
CVE-2019-12902 (affected: < 1.5.0)
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID
CVE-2019-12901 (affected: < 1.5.0)
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and D
CVE-2017-17950 (affected: all versions)
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
CVE-2017-17949 (affected: all versions)
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
CVE-2017-17948 (affected: all versions)
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.