CVE Tools
Sign in

CVE-2020-12847

Published: Jun 4, 2020Updated: Nov 21, 2024 Sources: CVE List NVDNVD-CWE-noinfo
NVD MITRE
7.2CVSSHIGH
EPSS Score
1.7%
Top 26.0%
CISA KEV
Not in KEV
Exploits
1 Known
Remediation
No Fix Available

Description

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary.

CVSS Vector Breakdown

AV:NAC:LPR:HUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:HPrivileges Required
High
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

NVD-CWE-noinfo

Affected Products

n/an/a
cellspydio
On-prem
Enterprise Software / collaboration-groupware
pydiooss-projectEnterprise Softwareaka cells, pydio, pydio cells

Exploitability

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

References

https://www.coresecurity.com/advisories
coresecurity.com
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
coresecurity.com
http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
packetstormsecurity.com

Timeline

Published
Jun 4, 2020
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-12847 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows