ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)

Description

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.

Remediation

References

CVE-2014-3835

Related Vulnerabilities

Claroline Other Vulnerability (CVE-2006-5256)

Magento CVE-2019-8122 Vulnerability (CVE-2019-8122)

WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13)

Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)

phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-11767)

Severity

Medium

Classification

CVE-2014-3835 CWE-264