Description
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.
Remediation
References
Related Vulnerabilities
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-5099)
WordPress Plugin Entries For WPForms SQL Injection (1.4.0)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18650)
WordPress Plugin Keyword Strategy Internal Links Multiple Cross-Site Scripting Vulnerabilities (2.0)