Description
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21330 Vulnerability (CVE-2022-21330)
phpMyAdmin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000013)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)
Jboss EAP CVE-2024-7885 Vulnerability (CVE-2024-7885)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.32)