Description

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.

Remediation

References

CVE-2020-10252

Related Vulnerabilities

WordPress Plugin mySTAT 'mystat.php' SQL Injection (2.6)

WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Cross-Site Request Forgery (2.9.10)

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0349)

MySQL CVE-2018-2846 Vulnerability (CVE-2018-2846)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11)

Severity

High

Classification

CVE-2020-10252 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Tags

Missing Update Known Vulnerabilities