Description

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

Remediation

References

CVE-2015-3013

Related Vulnerabilities

WordPress Plugin uCare-Support Ticket System Cross-Site Scripting (1.2.1)

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23494)

Ruby on Rails 7PK - Security Features Vulnerability (CVE-2015-7576)

MySQL CVE-2016-5441 Vulnerability (CVE-2016-5441)

Moodle CVE-2021-36394 Vulnerability (CVE-2021-36394)

Severity

Medium

Classification

CVE-2015-3013 CWE-138

Tags

Missing Update Known Vulnerabilities