Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-5454. PoCs published by shanika04.
AI-analyzed exploit summary This repository contains test files and documentation for the Nextcloud Android app, but no exploit PoC for CVE-2019-5454. The files are primarily unit tests and UI automation scripts.
Description
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
Exploits (1)
nomisec
WRITEUP
by shanika04 · poc
https://github.com/shanika04/nextcloud_android
This repository contains test files and documentation for the Nextcloud Android app, but no exploit PoC for CVE-2019-5454. The files are primarily unit tests and UI automation scripts.
Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
Nextcloud Android app
No auth needed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/291764
Scores
CVSS v3
9.8
EPSS
0.0202
EPSS Percentile
78.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (13)
nextcloud/nextcloud
1.0.0
nextcloud/nextcloud
1.0.1
nextcloud/nextcloud
1.1.0 (3 CPE variants)
nextcloud/nextcloud
1.2.0 (3 CPE variants)
nextcloud/nextcloud
1.3.0 (3 CPE variants)
nextcloud/nextcloud
1.3.1
nextcloud/nextcloud
1.4.0 (5 CPE variants)
nextcloud/nextcloud
1.4.1 (5 CPE variants)
nextcloud/nextcloud
1.4.2 (5 CPE variants)
nextcloud/nextcloud
1.4.3
... and 3 more
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026