Pydio Cells 4.1.2 - Server-Side Request Forgery - exploit.company

Pydio Cells 4.1.2 – Server-Side Request Forgery

Using the REST API of Pydio Cells it is possible to start jobs. For example, when renaming a file or folder, an HTTP request similar to the following is sent:

PUT /a/jobs/user/move HTTP/2
Host: example.com
User-Agent: agent
Accept: application/json
Authorization: Bearer G4ZRN[...]
Content-Type: application/json
Content-Length: 140

{
  "JobName": "move",
  "JsonParameters": "{\"nodes\":[\"cell/file.txt\"],\"target\":\"cell/renamed.txt\",\"targetParent\":false}"
}

The body contains a JSON object with a job name and additional parameters for the job; note that the job parameters are themselves a JSON document, passed as an escaped string in "JsonParameters". Besides the "move" job, a job with the name "remote-download" also exists. It takes two additional parameters: "urls" and "target". In the "urls" parameter a list of URLs can be specified, and in the "target" parameter a path can be specified in which to save the responses. When the job is started, HTTP GET requests are sent from the Pydio Cells server to the specified URLs. Because the server, not the user's browser, performs these requests, a user with a valid API token can make the Pydio Cells server fetch URLs that are only reachable from its own network position. The responses are saved into files, which are uploaded to the specified folder within Pydio Cells, so the content of the fetched resources is returned to the user. Potential errors are transmitted

Mitigation:
Update to fixed versions: 4.2.0, 4.1.3, 3.0.12

CVE: CVE-2023-32750
CWE: Server-Side Request Forgery
CVSS: 6.5 (MEDIUM)
Vendor: Pydio
Product Name: Pydio Cells
Affected Version: 4.1.2 (tested); affected range otherwise Unknown
CPE: a:pydio:pydio_cells:4.1.2
Patch Exists: YES

Source (Exploit-DB raw data): https://www.exploit-db.com/raw/51498

cqrsecured
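The following is an added example, not code from the advisory or from Pydio: it shows how a job request of the shape described above is assembled (the job parameters are JSON nested inside a JSON string, exactly as in the "move" request), and the kind of URL policy a server-side fetcher should apply before a "remote-download" job connects anywhere. The job name, the "urls" and "target" parameter names, the /a/jobs/user/<job> path and the Bearer header come from the advisory; the assumption that "urls" is a JSON array of strings and "target" a string, the hostnames and DNS records used for the offline demo, and the token value are constructed for illustration. The hardening check is illustrative and is not a description of the fix shipped in the patched Pydio releases.

```python
import ipaddress
import json
from typing import Callable, Iterable
from urllib.parse import urlsplit


def build_job_request(job_name: str, params: dict, token: str, host: str) -> dict:
    """Shape the PUT that starts a user job, as in the advisory's "move" example.

    The job parameters are a JSON document nested inside a JSON string:
    serialise the inner object first, then let the outer json.dumps escape it.
    """
    body = json.dumps({"JobName": job_name, "JsonParameters": json.dumps(params)})
    return {
        "method": "PUT",
        "path": f"/a/jobs/user/{job_name}",
        "headers": {
            "Host": host,
            "Accept": "application/json",
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "Content-Length": str(len(body.encode())),
        },
        "body": body,
    }


def parse_job_parameters(body: str) -> dict:
    """Undo the double encoding: what a server (or someone reviewing request
    logs) has to do to see which URLs a remote-download job actually asks for."""
    return json.loads(json.loads(body)["JsonParameters"])


def _address_is_blocked(addr) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 rules apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Named checks cover loopback, RFC 1918, link-local (which includes the
    # 169.254.169.254 metadata endpoints of cloud providers), multicast and
    # reserved space; `not is_global` fails closed for anything else that is
    # not publicly routable.
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or not addr.is_global)


def fetch_allowed(url: str, resolve: Callable[[str], Iterable[str]]) -> bool:
    """Policy a server-side fetcher should apply to each URL before connecting.

    `resolve` maps a hostname to the addresses it resolves to. It is injected
    so the decision is made on the *resolved* address rather than on the
    hostname text (a public name may point at an internal address), and so
    this example runs offline against constructed records.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False                      # no file://, gopher://, etc.
    if parts.username is not None or parts.password is not None:
        return False                      # http://trusted@internal/ style confusion
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    except ValueError:
        return False                      # resolver returned garbage: fail closed
    return bool(addrs) and not any(_address_is_blocked(a) for a in addrs)


def screen_remote_download(urls: Iterable[str], resolve) -> dict:
    """Split a remote-download job's URL list into what may and may not be fetched."""
    verdicts = {"allowed": [], "rejected": []}
    for url in urls:
        verdicts["allowed" if fetch_allowed(url, resolve) else "rejected"].append(url)
    return verdicts


# Constructed DNS records for the offline demo; these are not real lookups.
_DEMO_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.internal": ["169.254.169.254"],
}


def demo_resolver(host: str) -> list:
    if host in _DEMO_DNS:
        return _DEMO_DNS[host]
    try:                                  # literal IP in the URL: resolves to itself
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return []                         # unknown name: nothing to connect to


if __name__ == "__main__":
    requested = [
        "https://example.com/report.pdf",
        "http://169.254.169.254/latest/meta-data/",
        "http://localhost:9000/",
        "http://[::ffff:10.0.0.5]/",
        "file:///etc/passwd",
    ]
    verdicts = screen_remote_download(requested, demo_resolver)
    print(json.dumps(verdicts, indent=2))
    # Only the screened URLs become a job; the token is a hypothetical value.
    req = build_job_request("remote-download",
                            {"urls": verdicts["allowed"], "target": "cell"},
                            token="G4ZRN[...]", host="example.com")
    print(req["method"], req["path"])
    print(req["body"])
```

The check deliberately resolves the hostname itself and judges every returned address, because a blocklist applied to the hostname string alone is bypassed by a public name with an internal A record, by IPv4-mapped IPv6 literals, and by URL userinfo tricks; it also rejects any URL whose name cannot be resolved, so an unrecognised or malformed host fails closed rather than being fetched.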