QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4715

Published: Feb 17, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a

x_refsource_MISC

https://owncloud.org/security/advisory/?id=oc-sa-2015-005

x_refsource_MISC

http://www.securityfocus.com/bid/76158

x_refsource_MISC

https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.