Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ownCloud Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-23948 - Vulnerability Database
ownCloud

ownCloud Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-23948

Medium
Reference: CVE-2023-23948
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-23948
Title: ownCloud Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

The ownCloud Android app allows ownCloud users to access share and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in FileContentProvider.kt. This issue can lead to information disclosure. Two databases filelist and owncloud_database are affected. In version 3.0 the filelist database was deprecated. However injections affecting owncloud_database remain relevant as of version 3.0.