Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Other Vulnerability (CVE-2015-5954)

Description

The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.

Remediation

References

Related Vulnerabilities

OpenSSL Out-of-bounds Read Vulnerability (CVE-2022-4203)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2402)

WordPress Plugin Pressbooks Textbook Cross-Site Scripting (1.2.5)

WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2)

Severity

Medium

Classification

CVE-2015-5954

Tags

Missing Update Known Vulnerabilities