Vulnerability Details CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-2054
-
cpe:2.3:a:owncloud:owncloud_server:5.0.0
-
cpe:2.3:a:owncloud:owncloud_server:5.0.1
-
cpe:2.3:a:owncloud:owncloud_server:5.0.10
-
cpe:2.3:a:owncloud:owncloud_server:5.0.11
-
cpe:2.3:a:owncloud:owncloud_server:5.0.12
-
cpe:2.3:a:owncloud:owncloud_server:5.0.13
-
cpe:2.3:a:owncloud:owncloud_server:5.0.14
-
cpe:2.3:a:owncloud:owncloud_server:5.0.2
-
cpe:2.3:a:owncloud:owncloud_server:5.0.3
-
cpe:2.3:a:owncloud:owncloud_server:5.0.4
-
cpe:2.3:a:owncloud:owncloud_server:5.0.5
-
cpe:2.3:a:owncloud:owncloud_server:5.0.6
-
cpe:2.3:a:owncloud:owncloud_server:5.0.7
-
cpe:2.3:a:owncloud:owncloud_server:5.0.8
-
cpe:2.3:a:owncloud:owncloud_server:5.0.9
-
cpe:2.3:a:owncloud:owncloud_server:6.0.0
-
cpe:2.3:a:owncloud:owncloud_server:6.0.1
-
cpe:2.3:a:phpexcel_project:phpexcel:1.7.9