Description
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.