cbcvebase.
CVE-2015-3013
published 2015-05-08

CVE-2015-3013: ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files…

PriorityP431medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
1.34%
67.7th percentile
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

Affected

3 ranges
VendorProductVersion rangeFixed in
owncloudowncloud_server>= 5.0.0 < 5.0.195.0.19
owncloudowncloud_server>= 6.0.0 < 6.0.76.0.7
owncloudowncloud_server>= 7.0.0 < 7.0.57.0.5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.