CVE-2019-15622

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.

Published: Feb 4, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-15622
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.4
AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud	-	3.6.1

https://hackerone.com/reports/518669
https://nextcloud.com/security/advisory/?id=NC-SA-2019-011

Vulnerability Database

CVE-2019-15622