Description

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

Remediation

References

CVE-2015-3013

Related Vulnerabilities

WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)

WordPress Plugin BSDev.at-Importer:Serendipity Cross-Site Scripting (0.0.1)

WordPress Plugin WP Domain Redirect SQL Injection (1.0)

PHP Other Vulnerability (CVE-2007-4528)

WordPress Plugin AdRoll for WooCommerce Stores Unspecified Vulnerability (2.2.5)

Severity

Medium

Classification

CVE-2015-3013 CWE-138

Tags

Missing Update Known Vulnerabilities