Description

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

Remediation

References

CVE-2014-4929

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450)

WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-8446)

WordPress 7PK - Security Features Vulnerability (CVE-2014-9039)

Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)

Severity

Medium

Classification

CVE-2014-4929 CWE-22

Tags

Missing Update Known Vulnerabilities