CVE-2020-12849

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt