OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

ownCloud Server < 10.13.3 Multiple Vulnerabilities

The version of ownCloud installed on the remote host is prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities: - An issue was discovered in ownCloud owncloud/graphapi The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed,...

OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure

An issue was discovered in OwnCloud graphapi plugin 0.2.x 0.2.1 and 0.3.x 0.3.1. The graphapi plugin relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information includes all th...

ownCloud graphapi Information Disclosure Vulnerability

ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...

OwnCloud “graphapi” App Vulnerability Exposes Sensitive Data

By Deeba Ahmed The vulnerability is tracked as CVE-2023-49103 and declared critical with a CVSS v3 Base Score 10. This is a post from HackRead.com Read the original post: OwnCloud "graphapi" App Vulnerability Exposes Sensitive Data...

ownCloud vulnerability can be used to extract admin passwords

ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and...

The vulnerability of the GetPhpInfo.php file of the graphapi application, a software tool for collaborative work with Owncloud files, allows a hacker to access configuration information.

The vulnerability of the GetPhpInfo.php file of the graphapi application, a software tool for collaborative work with Owncloud files, is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to configuration...

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

Design/Logic Flaw

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

ownCloud Security Breach

ownCloud is a suite of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in ownCloud graphapi versions prior to 0.2.1, 0.3.1 and 0.3.1. The vulnerability stems from the fact that the graphapi application relies on the third-party GetPhpInfo.php...

PT-2023-7082

Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVE-2023-49103

The CVE-2023-49103 vulnerability affects ownCloud graphapi in versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The issue stems from a third‑party GetPhpInfo.php that returns a phpinfo() output, exposing the PHP environment and webserver variables (potentially including admin passwords, mail cr...

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

OAuth consent phishing, in the wild

TL;DR An interesting incident response investigation showed exploitation of a recent OAuth related consent-phishing issue. We had been asked to investigate as the organisation had noticed some odd behaviours in the mailbox of one of the exec team. The mailbox was being queried using GraphAPI and...