CVE-2015-4718

ownCloud Server < 6.0.8, 7.0.x < 7.0.6, 8.0.x < 8.0.4 - Authenticated OS Command Injection via SMB Storage Driver

Title source: llm
STIX 2.1

Description

The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3373
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76162
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-008

Scores

EPSS 0.0099
EPSS Percentile 77.1%

Details

CWE
CWE-78
Status published
Products (10)
owncloud/owncloud < 6.0.7
owncloud/owncloud_server 7.0.0
owncloud/owncloud_server 7.0.1
owncloud/owncloud_server 7.0.2
owncloud/owncloud_server 7.0.3
owncloud/owncloud_server 7.0.4
owncloud/owncloud_server 7.0.5
owncloud/owncloud_server 8.0.0
owncloud/owncloud_server 8.0.2
owncloud/owncloud_server 8.0.3
Published Oct 21, 2015
Tracked Since Feb 18, 2026