Description
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Post Cross-Site Scripting (1.1)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.13)
Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)
PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0227)
WordPress Plugin Video Player Unspecified Vulnerability (1.1.4)