ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath

The PATH environment variable is passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...