CVE-2019-5476

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1620%

EPSS Percentile15.63th

PublishedAug 7, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.

Affected Platforms (CPE)

📦

Nextcloud

Lookup Server

< 0.3.0

References & Advisories

🔗 https://hackerone.com/reports/508487

Related Vulnerabilities

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2001-002910.0

Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands...

CVE-2021-315359.8

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 ...

CVE-2017-116108.8

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authen...