Medium severity5.9NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026
CVE-2016-5876
CVE-2016-5876
Description
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
Affected products
5cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*range: <=8.2.5
- cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*
- (no CPE)range: <8.2.6, <9.0.3
Patches
Vulnerability mechanics
References
2- owncloud.org/security/advisory/nvdPatchVendor Advisory
- www.securityfocus.com/bid/95861nvd
News mentions
0No linked articles in our index yet.