Description
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
Remediation
References
Related Vulnerabilities
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0219)
MySQL CVE-2013-1502 Vulnerability (CVE-2013-1502)
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1)