Description

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

Remediation

References

CVE-2016-5876

Related Vulnerabilities

Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)

WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)

WordPress 2.8 Multiple Existing/Non-Existing Username Enumeration Weaknesses (0.6.2 - 2.8)

WordPress Plugin WordPress Related Posts Cross-Site Scripting (3.6.4)

Severity

Medium

Classification

CVE-2016-5876 CWE-264 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities