The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
References
| Link | Resource |
|---|---|
| https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit Third Party Advisory |
| https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit Third Party Advisory |
Configurations
History
26 Mar 2025, 17:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:owncloud:owncloud_client:*:*:*:*:*:android:*:* | |
| Summary | The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | |
| First Time |
Owncloud owncloud Client
|
Information
Published : 2023-02-13 17:15
Updated : 2025-03-26 17:06
NVD link : CVE-2023-23948
Mitre link : CVE-2023-23948
JSON object : View
Products Affected
owncloud
- owncloud_client
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')