Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Remediation

References

CVE-2016-9468

Related Vulnerabilities

Magento CVE-2019-7876 Vulnerability (CVE-2019-7876)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7418)

WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2)

WordPress Plugin Advanced Custom Fields PRO Arbitrary File Upload (5.12.2)

WordPress Plugin Advanced Dynamic Pricing for WooCommerce Multiple Vulnerabilities (4.1.5)

Severity

Medium

Classification

CVE-2016-9468 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities