Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Remediation

References

CVE-2015-6670

Related Vulnerabilities

WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)

CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130)

WebLogic CVE-2020-2884 Vulnerability (CVE-2020-2884)

WordPress Plugin GD Star Rating Multiple Vulnerabilities (1.9.22)

WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.3)

Severity

Medium

Classification

CVE-2015-6670

Tags

Missing Update Known Vulnerabilities