{"id":"CVE-2019-20452","details":"A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.","modified":"2026-02-07T05:10:24.715968Z","published":"2020-03-17T14:15:11.783Z","references":[{"type":"ADVISORY","url":"https://pydio.com/en/community/releases/pydio-core/pydio-core-pydio-enterprise-824-security-release"},{"type":"ADVISORY","url":"https://www.certilience.fr/2020/03/cve-2019-20452-vulnerabilite-php-object-injection-pydio-core/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pydio/pydio-core","events":[{"introduced":"0"},{"fixed":"be554dd1ea1a07b4de4ab2a1976041f5337be907"}]}],"versions":["6.2alpha","6.2beta","6.2rc","ajaxplorer-core-4.3.1","ajaxplorer-core-4.3.2","ajaxplorer-core-4.3.3","ajaxplorer-core-4.3.4","ajaxplorer-core-5.0.0","ajaxplorer-core-5.0.1","ajaxplorer-core-5.0.2","ajaxplorer-core-5.0.3","pydio-core-5.1.0","pydio-core-5.1.1","pydio-core-5.2.0","pydio-core-5.2.1","pydio-core-5.2.2","pydio-core-5.2.3","pydio-core-5.2.4","pydio-core-5.2.5","pydio-core-5.3.1","pydio-core-5.3.2","pydio-core-5.3.3","pydio-core-5.3.4","pydio-core-6.0.0","pydio-core-6.0.1","pydio-core-6.0.2","pydio-core-6.0.3","pydio-core-6.0.4","pydio-core-6.0.5","pydio-core-6.0.6","pydio-core-6.0.7","pydio-core-6.0.8","pydio-core-6.2.0","pydio-core-6.2.1","pydio-core-6.2.2","pydio-core-6.2.2rc","pydio-core-6.2.2rc2","pydio-core-6.2.2rc3","pydio-core-6.3.1","pydio-core-6.4.0","pydio-core-6.4.0rc1","pydio-core-6.4.0rc2","pydio-core-6.4.0rc3","pydio-core-6.4.1","pydio-core-6.4.2","pydio-core-6.4.2rc1","pydio-core-6.5.1","pydio-core-6.5.2","pydio-core-6.5.3","pydio-core-6.5.4","pydio-core-6.5.5","pydio-core-7.0.0","pydio-core-7.0.1","pydio-core-7.0.2","pydio-core-7.0.3","pydio-core-7.0.4","pydio-core-8.0.0","pydio-core-8.0.1","pydio-core-8.0.2","pydio-core-8.2.0","pydio-core-8.2.1","pydio-core-8.2.2","pydio-core-8.2.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20452.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}