Description

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Remediation

References

CVE-2020-28645

Related Vulnerabilities

WordPress Plugin Avenir-soft Direct Download Multiple Vulnerabilities (1.0)

WordPress Plugin Premium Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (4.2.7)

Oracle JRE CVE-2013-1479 Vulnerability (CVE-2013-1479)

WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Cross-Site Request Forgery (3.4.31)

Oracle JRE CVE-2013-2471 Vulnerability (CVE-2013-2471)

Severity

Critical

Classification

CVE-2020-28645 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities