CVE-2013-2085

owncloud < 5.0.6 - Authenticated Path Traversal via Dir Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oC-SA-2013-020/

Scores

EPSS 0.0012
EPSS Percentile 30.0%

Details

CWE
CWE-22
Status published
Products (1)
owncloud/owncloud < 5.0.6
Published Mar 14, 2014
Tracked Since Feb 18, 2026