HIGH✓ PATCH🇬🇧 English

CVE-2015-7699

CVSS 9.0v2.0pub. 2015-10-26upd. 2026-05-06

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."

oryginał EN
CVSS Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Owncloud Server

    APP
    Owncloud
    7.0.07.0.17.0.27.0.37.0.47.0.57.0.67.0.78.0.08.0.28.0.38.0.48.0.58.1.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-49105CRITICAL9.8PL ✓ten sam produkt

OwnCloud: Pominięcie uwierzytelniania przez pre-signed URL (WebDAV API)

CVE-2014-2052CRITICAL9.8ten sam produkt

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...

CVE-2016-1499HIGH8.5ten sam produkt

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to ...

CVE-2015-6500HIGH7.5ten sam produkt

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authent...

CVE-2015-4716HIGH10.0ten sam produkt

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8....