CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS
Percentile
56.3%
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote
authenticated users to execute arbitrary PHP code by uploading a crafted
file, then accessing it via a direct request to the file in /data.
Author | Note |
---|---|
jdstrand | per upstream, 5.0 only |