Vulnerability-Lookup

CNVD-2018-14211

Vulnerability from cnvd - Published: 2018-07-30

Title

Pydio远程代码执行漏洞

Description

Pydio（前称AjaXplorer）是一款基于Web的远程文件管理器。该管理器支持上传和下载文件、在线文件编辑、图片预览等。 Pydio 8.2.1及之前版本在plugins/action.antivirus/AntivirusScanner.php文件的‘scanNow($nodeObject)’参数存在安全漏洞。攻击者可通过在反病毒插件中编辑反病毒命令并执行载荷利用该漏洞获取管理访问权限，从而在底层操作系统上执行任意命令。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://pydio.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-1999018

Impacted products

Name
Pydio Pydio <=8.2.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1999018"
    }
  },
  "description": "Pydio\uff08\u524d\u79f0AjaXplorer\uff09\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684\u8fdc\u7a0b\u6587\u4ef6\u7ba1\u7406\u5668\u3002\u8be5\u7ba1\u7406\u5668\u652f\u6301\u4e0a\u4f20\u548c\u4e0b\u8f7d\u6587\u4ef6\u3001\u5728\u7ebf\u6587\u4ef6\u7f16\u8f91\u3001\u56fe\u7247\u9884\u89c8\u7b49\u3002\r\n\r\nPydio 8.2.1\u53ca\u4e4b\u524d\u7248\u672c\u5728plugins/action.antivirus/AntivirusScanner.php\u6587\u4ef6\u7684\u2018scanNow($nodeObject)\u2019\u53c2\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u53cd\u75c5\u6bd2\u63d2\u4ef6\u4e2d\u7f16\u8f91\u53cd\u75c5\u6bd2\u547d\u4ee4\u5e76\u6267\u884c\u8f7d\u8377\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\uff0c\u4ece\u800c\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://pydio.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14211",
  "openTime": "2018-07-30",
  "products": {
    "product": "Pydio Pydio \u003c=8.2.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999018",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-24",
  "title": "Pydio\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-1999018 (GCVE-0-2018-1999018)

Vulnerability from cvelistv5 – Published: 2018-07-23 15:00 – Updated: 2024-09-16 18:33

Summary

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.mike-gualtieri.com/files/Pydio-8-Vuln…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:47:57.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-23T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-07-20T20:44:32.985224",
          "DATE_REQUESTED": "2018-07-17T04:00:28",
          "ID": "CVE-2018-1999018",
          "REQUESTER": "mike.gualtieri@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt",
              "refsource": "MISC",
              "url": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1999018",
    "datePublished": "2018-07-23T15:00:00Z",
    "dateReserved": "2018-07-23T00:00:00Z",
    "dateUpdated": "2024-09-16T18:33:28.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-14211

CVE-2018-1999018 (GCVE-0-2018-1999018)

Tags

Sightings

Nomenclature