Description
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
Remediation
References
Related Vulnerabilities
WordPress 4.2.2 Multiple Vulnerabilities (0.7 - 4.2.2)
Squid Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18677)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)
GlassFish Observable Discrepancy Vulnerability (CVE-2013-1620)
WordPress Plugin Facebook Opengraph Meta 'all_meta.php' SQL Injection (1.0)