CVE-2013-6227

high

Published 2014-12-27 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://pyd.io/pydio-core-5-0-4/

Application impact

Vendor	Product	Versions	Fixed
ajaxplorer	ajaxplorer	`{"endIncluding":"5.0.3"}`
pydio	pydio	`{"endIncluding":"5.0.3"}`

References

http://pyd.io/pydio-core-5-0-4/
http://www.redfsec.com/CVE-2013-6227
https://www.exploit-db.com/exploits/46206/
http://pyd.io/pydio-core-5-0-4/
http://www.redfsec.com/CVE-2013-6227
https://www.exploit-db.com/exploits/46206/

Verify integrity in audit chain (admin only). AS-IS.