Nextcloud: W3 Total Cache plugin multiple vulnerabilities

2019-05-02T19:36:39
ID H1:561805
Type hackerone
Reporter funt0m
Modified 2019-07-28T17:48:06

Description

W3 Total Cache plugin (version <= 0.9.4.1) on the https://nextcloud.com has multiple vulnerabilities. See the screenshot.png

Impact

Remote Command Execution, Unauthenticated Security Token Bypass, Unauthenticated Arbitrary File Read etc.