Description

Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.

Remediation

References

CVE-2013-2085

Related Vulnerabilities

WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4292)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-3544)

WordPress Improper Input Validation Vulnerability (CVE-2009-2431)

WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)

Severity

Medium

Classification

CVE-2013-2085 CWE-22

Tags

Missing Update Known Vulnerabilities