Описание
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-apps/xenial | not-affected | 1.0.0-4 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4 Medium
CVSS2
4.9 Medium
CVSS3
Связанные уязвимости
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownClo ...
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
EPSS
4 Medium
CVSS2
4.9 Medium
CVSS3