CVE-2015-7699

ownCloud Server <7.0.9, <8.0.x <8.0.7, <8.1.x <8.1.2 - RCE

Title source: llm
STIX 2.1

Description

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-018
Issue Tracking x_refsource_confirm
https://github.com/owncloud/core/pull/18558
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3373

Scores

EPSS 0.0180
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (14)
owncloud/owncloud_server 7.0.0
owncloud/owncloud_server 7.0.1
owncloud/owncloud_server 7.0.2
owncloud/owncloud_server 7.0.3
owncloud/owncloud_server 7.0.4
owncloud/owncloud_server 7.0.5
owncloud/owncloud_server 7.0.6
owncloud/owncloud_server 7.0.7
owncloud/owncloud_server 8.0.0
owncloud/owncloud_server 8.0.2
... and 4 more
Published Oct 26, 2015
Tracked Since Feb 18, 2026