CVE-2015-3013

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 5.0.19 ownCloud Server versions 6.x prior to 6.0.7 ownCloud Server versions 7.x prior to 7.0.5

Description The issue allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding. This can be demonstrated by uploading a .htaccess file.

Recommendations For ownCloud Server versions prior to 5.0.19, update to version 5.0.19 or later. For ownCloud Server versions 6.x prior to 6.0.7, update to version 6.0.7 or later. For ownCloud Server versions 7.x prior to 7.0.5, update to version 7.0.5 or later.