Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2044: Code Injection in Owncloud

CWE-94: Code Injection | 4 documents | 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 13.9% (top 5.67%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Oct 6
Latest update: May 14

Description

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: owncloud/owncloud 4.5.13
NVD: owncloud/owncloud_server (34 versions)

🔴 Vulnerability Details (2)

GHSA
GHSA-3mmx-4r9c-p6f8: Incomplete blacklist vulnerability in ajax/upload (2022-05-14)
CVEList
CVE-2014-2044: Incomplete blacklist vulnerability in ajax/upload (2014-10-06)

💥 Exploits & PoCs (1)

Exploit-DB
ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution (2014-03-10)