WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Files or Directories Accessible to External Parties Vulnerability (CVE-2015-4715)

Description

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Remediation

References

Related Vulnerabilities

WordPress Plugin Social Review includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

WordPress Plugin PHP Analytics Arbitrary File Upload (1.0.0.2)

WordPress Plugin Social Buttons Pack by BestWebSoft Cross-Site Scripting (1.1.0)

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.1)

WordPress Plugin Awesome Studio Cross-Site Scripting (1.0.7)

Severity

Medium

Classification

CVE-2015-4715 CWE-552 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities