The HTML\Browser plugin in SabreDAV prior to 1.6.9, 1.7.x prior to 1.7.7, and 1.8.x prior to 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote malicious users to read arbitrary files via a \ (backslash) character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fruux sabredav |
||
owncloud owncloud |