Description
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
Exploits (1)
exploitdb: WORKING POC, VERIFIED, by Portcullis · textwebappsmultiple
https://www.exploit-db.com/exploits/32162
References (9)
Core References (9)
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57267
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/104082
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/66000
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/Mar/45
Exploit (x_refsource_misc): http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/32162
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/91757
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/531365/100/0/threaded
Scores
EPSS: 0.1392
EPSS Percentile: 94.3%
Details
CWE: CWE-94
Status: published
Products (35)
owncloud/owncloud < 4.5.13
owncloud/owncloud_server 3.0.0
owncloud/owncloud_server 3.0.1
owncloud/owncloud_server 3.0.2
owncloud/owncloud_server 3.0.3
owncloud/owncloud_server 4.0.0
owncloud/owncloud_server 4.0.1
owncloud/owncloud_server 4.0.2
owncloud/owncloud_server 4.0.3
owncloud/owncloud_server 4.0.4
... and 25 more
Published: Oct 06, 2014
Tracked Since: Feb 18, 2026