Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HOwncloud
APPOwncloud< 10.6.0
Related vulnerabilities
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the...
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an...
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external...