Description

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

Remediation

References

CVE-2014-4929

Related Vulnerabilities

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33512)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (5.8.0)

WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0)

Apache HTTP Server Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-0220)

Severity

Medium

Classification

CVE-2014-4929 CWE-22

Tags

Missing Update Known Vulnerabilities