Daniel Moreno

**Name of the Vulnerable Software and Affected Versions** OwnCloud version 8.1.8 **Description** The software contains a flaw that allows remote attackers to discover user accounts. This is achieved by manipulating the `share.php` endpoint. Attackers can send specially crafted GET requests to the `/index.php/core/ajax/share.php` API endpoint, utilizing a wildcard search parameter to obtain comprehensive user information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.