Nextcloud: >> Extract >> 1.1.0 Security Vulnerabilities
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
CVSS Score
9.0
EPSS Score
0.015
Published
2019-06-05