Description
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Landing Pages SQL Injection (1.2.1)
Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)
WordPress Plugin Swipe Checkout for eShop Cross-Site Scripting (3.7.0)
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)
WordPress Plugin Easy Career Openings Cross-Site Scripting (0.4)