Description

The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.

Remediation

References

CVE-2014-9046

Related Vulnerabilities

WordPress Plugin Coming soon and Maintenance mode Cross-Site Scripting (3.5.2)

MySQL CVE-2022-21290 Vulnerability (CVE-2022-21290)

WordPress Plugin Team Showcase Multiple Vulnerabilities (1.22.15)

WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.2.5)

WordPress Plugin Foliopress WYSIWYG Cross-Site Scripting (2.6.8.4)

Severity

Medium

Classification

CVE-2014-9046 CWE-200

Tags

Missing Update Known Vulnerabilities