Description

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

Remediation

References

CVE-2015-3013

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-0525)

WordPress Plugin Easy Google Maps Cross-Site Scripting (1.9.33)

Oracle Database Server CVE-2010-2411 Vulnerability (CVE-2010-2411)

MySQL CVE-2012-0484 Vulnerability (CVE-2012-0484)

WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)

Severity

Medium

Classification

CVE-2015-3013 CWE-138

Tags

Missing Update Known Vulnerabilities