ownCloud Improper Input Validation Vulnerability (CVE-2020-28645)

Description

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Remediation

References

CVE-2020-28645

Related Vulnerabilities

WordPress Plugin O2Tweet Cross-Site Request Forgery (0.0.4)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4536)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887)

OpenSSL Improper Input Validation Vulnerability (CVE-2010-0740)

Oracle Database Server CVE-2009-3412 Vulnerability (CVE-2009-3412)

Severity

Critical

Classification

CVE-2020-28645 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H