Description
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)
CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130)
WebLogic CVE-2020-2884 Vulnerability (CVE-2020-2884)
WordPress Plugin GD Star Rating Multiple Vulnerabilities (1.9.22)
WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.3)