User Deletion Vulnerability in ownCloud/core Versions < 10.6

User Deletion Vulnerability in ownCloud/core Versions < 10.6

CVE-2020-28645 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Learn more about our Web App Pen Testing.