CVE-2014-2054
ownCloud Server < 5.0.15 and 6.0.x < 6.0.2 - XML External Entity Injection via PHPExcel
Title source: llmDescription
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oC-SA-2014-006/
Scores
EPSS
0.0154
EPSS Percentile
71.7%
Details
Status
published
Products (20)
owncloud/owncloud_server
6.0.0
owncloud/owncloud_server
6.0.1
owncloud/owncloud_server
5.0.0
owncloud/owncloud_server
5.0.1
owncloud/owncloud_server
5.0.2
owncloud/owncloud_server
5.0.3
owncloud/owncloud_server
5.0.4
owncloud/owncloud_server
5.0.5
owncloud/owncloud_server
5.0.6
owncloud/owncloud_server
5.0.7
... and 10 more
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026