CVE-2015-3013 — Injection in Server

CWE-74 — Injection7 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.2%

top 51.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedMay 8

Latest updateMay 14

Description

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDowncloud/owncloud_server5.0.0 — 5.0.19+2

Patches

Patch: owncloud.org ↗Patch: owncloud.org ↗Patch: owncloud.org ↗

🔴Vulnerability Details

GHSA

GHSA-p25j-x86q-r8rc: ownCloud Server before 5↗2022-05-14

▶

CVEList

CVE-2015-3013: ownCloud Server before 5↗2015-05-08

▶

💬Community

Bugzilla

CVE-2015-3011 CVE-2015-3013 CVE-2015-3012 owncloud: various flaws fixed in 7.0.5 [epel-7]↗2015-05-04

▶

Bugzilla

CVE-2015-3011 CVE-2015-3013 CVE-2015-3012 owncloud: various flaws fixed in 7.0.5 [epel-6]↗2015-05-04

▶

Bugzilla

CVE-2015-3011 CVE-2015-3013 CVE-2015-3012 owncloud: various flaws fixed in 7.0.5 [fedora-all]↗2015-05-04

▶

Bugzilla

CVE-2015-3011 CVE-2015-3012 CVE-2015-3013 owncloud: various flaws fixed in 7.0.5↗2015-05-04

▶