ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698)

Description

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.

Remediation

References

CVE-2015-7698

Related Vulnerabilities

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20032)

WordPress Plugin Premium Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (4.2.7)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2269)

WordPress Plugin All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs-My Sticky Elements Cross-Site Scripting (2.0.3)

WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (2.3.9)

Severity

Critical

Classification

CVE-2015-7698 CWE-138