CVE-2015-4716

critical

Published 2015-10-21 · Modified 2026-05-06

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://owncloud.org/security/advisory/?id=oc-sa-2015-006

Application impact

Vendor	Product	Versions
owncloud	owncloud	`{"endIncluding":"7.0.5"}`
owncloud	owncloud_server	`8.0.0`
owncloud	owncloud_server	`8.0.2`
owncloud	owncloud_server	`8.0.3`

References

http://www.debian.org/security/2015/dsa-3373
http://www.securityfocus.com/bid/76159
https://owncloud.org/security/advisory/?id=oc-sa-2015-006
http://www.debian.org/security/2015/dsa-3373
http://www.securityfocus.com/bid/76159
https://owncloud.org/security/advisory/?id=oc-sa-2015-006

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.