Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OwnCloud ‘filename’参数远程代码执行漏洞
Vulnerability Description
ownCloud是德国ownCloud公司的一套免费且开源的个人云存储解决方案。该方案提供文件管理、音乐存储、日历等功能。 Windows平台下的OwnCloud 4.5.13及之前版本中ajax/upload.php脚本中存在不完整黑名单漏洞。远程攻击者可借助‘filename’参数利用该漏洞绕过既定的访问限制,上传任意名称的文件,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A