Description

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Remediation

References

CVE-2020-28645

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-4313)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0005)

Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813)

WordPress Plugin Bitcoin Satoshi Tools:Faucets, Visitor Rewarder, Satoshi Games, Referral Program Cross-Site Request Forgery (1.7.0)

WordPress Improper Authentication Vulnerability (CVE-2014-0166)

Severity

Critical

Classification

CVE-2020-28645 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities