CVE-2015-7699 — Improper Input Validation in Server

CWE-20 — Improper Input Validation6 documents4 sources
Severity
9.0CRITICALNVD
EPSS
1.8%
top 17.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud Server
Timeline
PublishedOct 26
Latest updateMay 17

Description

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

â–¶NVDowncloud/owncloud_server14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-rj7h-v734-5679: The files_external app in ownCloud Server before 7↗2022-05-17
â–¶
CVEList
CVE-2015-7699: The files_external app in ownCloud Server before 7↗2015-10-26
â–¶

💬Community

3
Bugzilla
CVE-2015-4717 CVE-2015-7699 CVE-2015-5954 CVE-2015-5953 CVE-2015-4718 owncloud: Multiple vulnerabilities fixed [fedora-all]↗2015-10-19
â–¶
Bugzilla
CVE-2015-4717 CVE-2015-4718 CVE-2015-5953 CVE-2015-5954 CVE-2015-7699 CVE-2015-4716 owncloud: Multiple vulnerabilities fixed↗2015-10-19
â–¶
Bugzilla
CVE-2015-4717 CVE-2015-7699 CVE-2015-5954 CVE-2015-5953 CVE-2015-4718 owncloud: Multiple vulnerabilities fixed [epel-all]↗2015-10-19
â–¶
CVE-2015-7699 — Improper Input Validation in Server | cvebase