CRITICAL🇵🇱 Wersja polska

CVE-2020-28645

CVSS 9.1v3.1pub. 2021-02-09upd. 2024-11-21

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Owncloud

    APP
    Owncloud
    < 10.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-35946CRITICAL9.8ten sam produkt

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the...

CVE-2014-2052CRITICAL9.8ten sam produkt

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...

CVE-2014-2048CRITICAL9.8ten sam produkt

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an...

CVE-2022-31649HIGH7.5ten sam produkt

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

CVE-2020-10252HIGH8.3ten sam produkt

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external...