CVE-2015-4716 — Path Traversal in Owncloud

CWE-22 — Path Traversal4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

18.6%

top 4.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedOct 21

Latest updateMay 17

Description

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDowncloud/owncloud_server8.0.0, 8.0.2, 8.0.3+2

▶NVDowncloud/owncloud7.0.5

🔴Vulnerability Details

GHSA

GHSA-g6c8-qw7x-86rj: Directory traversal vulnerability in the routing component in ownCloud Server before 7↗2022-05-17

▶

CVEList

CVE-2015-4716: Directory traversal vulnerability in the routing component in ownCloud Server before 7↗2015-10-21

▶

💬Community

Bugzilla

CVE-2015-4717 CVE-2015-4718 CVE-2015-5953 CVE-2015-5954 CVE-2015-7699 CVE-2015-4716 owncloud: Multiple vulnerabilities fixed↗2015-10-19

▶