Description
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Remediation
References
Related Vulnerabilities
PHP 4.3.0 file disclosure and possible code execution
WebLogic CVE-2020-14639 Vulnerability (CVE-2020-14639)
WordPress Plugin Login by Auth0 Multiple Vulnerabilities (3.11.3)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)
WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)