CVE-2019-5454 — SQL Injection in Com.nextcloud.client

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 34.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Com.nextcloud.client Nextcloud

Timeline

PublishedJul 30

Latest updateMay 31

Description

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnextcloud/nextcloud13 versions+12

▶CVEListV5nextcloud/com.nextcloud.client3.0.0

Patches

Patch: hackerone.com ↗Patch: hackerone.com ↗

🔴Vulnerability Details

OSV

cups vulnerabilities↗2022-05-31

▶

GHSA

GHSA-8xmq-qp2g-jjf3: SQL Injection in the Nextcloud Android app prior to version 3↗2022-05-24

▶

CVEList

CVE-2019-5454: SQL Injection in the Nextcloud Android app prior to version 3↗2019-07-30

▶