CVE-2018-20718

CVE-2018-20718

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

Source: CVE-2018-20718

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다