Vulners
Lucene search
CVE-2023-26482
🗓️ 30 Mar 2023 18:27:17Reported by GitHub_MType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 165 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
 | The vulnerability of cloud-based software for creating and using Nextcloud data storage allows a hacker to execute arbitrary code. | 27 Apr 202300:00 | – | bdu_fstec |
 | CVE-2023-26482 | 30 Mar 202322:35 | – | circl |
 | Nextcloud 操作系统命令注入漏洞 | 30 Mar 202300:00 | – | cnnvd |
 | CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server | 30 Mar 202318:27 | – | cvelist |
 | Scope of workflow operations is not validated | 30 Mar 202308:18 | – | nextcloud |
 | Nextcloud Workflows Remote Code Execution | 15 May 202518:53 | – | metasploit |
 | CVE-2023-26482 | 30 Mar 202319:15 | – | nvd |
 | Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9) | 3 Apr 202300:00 | – | openvas |
 | CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server | 30 Mar 202318:27 | – | osv |
 | 📄 Nextcloud Workflows Remote Code Execution | 15 May 202500:00 | – | packetstorm |
10
Node
OROROROROROROR
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"version": "< 24.0.10",
"status": "affected"
},
{
"version": ">= 25.0.0, < 25.0.4",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| id | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| class | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| entity | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| events | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| name | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| checks | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| operation | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| valid | request body | ocs/v2.php/apps/workflowengine/api/v1/workflows/user | Create a workflow that can execute code via the Workflow Script app. | CWE-78 |
| filename | path | remote.php/webdav/{filename} | Upload payload file used by the created workflow. | CWE-78 |
| workflow_id | path | ocs/v2.php/apps/workflowengine/api/v1/workflows/user/{workflow_id} | Delete a previously created workflow. | CWE-78 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 05:43Current
8.6High risk
Vulners AI Score8.6
CVSS 3.18.8 - 9
EPSS0.04176
SSVC