Description
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Admin Log Unspecified Vulnerability (1.42)
WordPress Plugin CBX Bookmark & Favorite Cross-Site Scripting (1.6.8)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)
WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)