Moderate severityNVD Advisory· Published Jun 4, 2014· Updated Jun 17, 2026
CVE-2014-2054
CVE-2014-2054
Description
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpoffice/phpexcelPackagist | < 1.8.0 | 1.8.0 |
Affected products
20cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:*:a:*:*:*:*:*:*range: <=5.0.14
Patches
Vulnerability mechanics
References
7- owncloud.org/about/security/advisories/oC-SA-2014-006/nvdVendor Advisory
- github.com/advisories/GHSA-28rm-rj57-qjpvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-2054ghsaADVISORY
- owncloud.org/about/security/advisories/oC-SA-2014-006ghsaWEB
- github.com/PHPOffice/PHPExcel/blob/2b601574975acfb9d4378a788ed5f2b747958095/changelog.txtghsaWEB
- github.com/PHPOffice/PHPExcel/blob/develop/changelog.txtnvdWEB
- github.com/PHPOffice/PHPExcel/commit/e04bf7ed091b0a72d028eacf26d770b485d4e897ghsaWEB
News mentions
0No linked articles in our index yet.