HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2015-6500

CVSS 7.5v2.0pub. 2015-10-26upd. 2026-05-06

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.

CVSS Vector
AV:N/AC:L/Au:S/C:P/I:N/A:C
  • Owncloud Server

    APP
    Owncloud
    7.0.07.0.17.0.27.0.37.0.47.0.57.0.67.0.78.0.08.0.28.0.38.0.48.0.58.1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path TraversalDoS
CWE
References

Related vulnerabilities

CVE-2023-49105CRITICAL9.8PL ✓ten sam produkt

OwnCloud: Pominięcie uwierzytelniania przez pre-signed URL (WebDAV API)

CVE-2014-2052CRITICAL9.8ten sam produkt

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...

CVE-2016-1499HIGH8.5ten sam produkt

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to ...

CVE-2015-7699HIGH9.0ten sam produkt

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remo...

CVE-2015-4716HIGH10.0ten sam produkt

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8....