Description
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Simple Booking Calendar SQL Injection (2.0.6)
Magento CVE-2019-8123 Vulnerability (CVE-2019-8123)
WordPress Plugin Catch Under Construction Security Bypass (1.3.4)
Oracle JRE CVE-2022-21294 Vulnerability (CVE-2022-21294)
Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)