CVE-2015-4715

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Published: Feb 17, 2020
Updated: Apr 13, 2023
CVE: CVE-2015-4715
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
owncloud / owncloud	-	6.0.8
owncloud / owncloud_server	7.0.0	7.0.6
owncloud / owncloud_server	8.0.0	8.0.4

http://www.securityfocus.com/bid/76158
https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a
https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/
https://owncloud.org/security/advisory/?id=oc-sa-2015-005

Vulnerability Database

289,697

CVE-2015-4715