Server: Multiple directory traversals

2013-05-14T11:42:22
ID OC-SA-2013-020
Type owncloud
Reporter ownCloud
Modified 2013-05-14T11:42:22

Description

Multiple directory traversal vulnerabilities in (1) apps/files_trashbin/index.php via the "dir" GET parameter and (2) lib/files/view.php via undefined vectors in all ownCloud versions prior to 5.0.6 and other versions before 4.0.15, allow authenticated remote attackers to get access to arbitrary local files.


For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0