Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Vulnerability Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
行为工作流的不恰当实施
Vulnerability Title
Nextcloud Tables 安全漏洞
Vulnerability Description
Nextcloud Tables是Nextcloud开源的一个表格应用程序。 Nextcloud Tables 0.7.6之前版本、0.8.8之前版本和0.9.5之前版本存在安全漏洞,该漏洞源于导入表格时可指定服务器文件,可能导致文件内容泄露。
CVSS Information
N/A
Vulnerability Type
N/A