Security Advisory

CVE-2019-15033

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-19 16:12:30

Last updated 2024-08-05 00:34:53

Assigner mitre

State PUBLISHED

Description

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

← Browse all CVEs View on cve.org ↗