QSearchQSearch

CVE-2021-41324

6.5 MEDIUM

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal f...

Published: 2021-09-30 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-22

Affected products

VendorProduct
pydiocells

Description

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-41325 Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile param... (6.5 MEDIUM)
  • CVE-2021-41323 Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells ... (6.5 MEDIUM)

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
  • CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
  • CVE-2026-49061 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
  • CVE-2026-40779 Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions (7.7 HIGH)