Description
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Session Fixation Vulnerability (CVE-2018-17199)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-1434)
WordPress Plugin Blogger To WordPress SQL Injection (2.2.1)
PHP Improper Input Validation Vulnerability (CVE-2015-4605)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5865)