CVE-2014-2051 — Code Injection in Server

CWE-94 — Code Injection3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedJun 5

Latest updateMay 17

Description

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDowncloud/owncloud_server5.0.14+17

Patches

Patch: owncloud.org ↗Patch: owncloud.org ↗

🔴Vulnerability Details

GHSA

GHSA-x4rf-m9hc-vjf6: ownCloud Server before 5↗2022-05-17

▶

CVEList

CVE-2014-2051: ownCloud Server before 5↗2014-06-05

▶