Description
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-2494 Vulnerability (CVE-2014-2494)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1130)
Microsoft SQL Server Other Vulnerability (CVE-2001-0344)
WordPress Plugin Compact WP Audio Player Multiple Vulnerabilities (1.9.6)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0272)