Description

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Remediation

References

CVE-2015-4715

Related Vulnerabilities

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13591)

WordPress 5.7.x Multiple Prototype Pollution Vulnerabilities (5.7 - 5.7.5)

Oracle JRE CVE-2023-22006 Vulnerability (CVE-2023-22006)

WordPress Plugin Essential Addons for Elementor Cross-Site Scripting (5.0.8)

Apache Tomcat Other Vulnerability (CVE-2007-3383)

Severity

Medium

Classification

CVE-2015-4715 CWE-552 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities