Unrated severityNVD Advisory· Published Aug 20, 2014· Updated May 6, 2026
CVE-2014-4929
CVE-2014-4929
Description
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
Affected products
22cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.14:a:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud_server:6.0.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.