VYPR
Medium severity5.9NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026

CVE-2016-5876

CVE-2016-5876

Description

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

Affected products

5
  • OwnCloud/Owncloud5 versions
    cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*range: <=8.2.5
    • cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*
    • (no CPE)range: <8.2.6, <9.0.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.