CVE-2019-25337

Exploit

EPSS 0.17%
Veröffentlicht 12.02.2026 22:48:45
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

OwnCloud 8.1.8 - Username Disclosure

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOwnCloud

≫

Produkt OwnCloud

Version 8.1.8

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.376

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://www.exploit-db.com/exploits/47745

https://owncloud.org/

https://ftp.icm.edu.pl/packages/owncloud/

https://www.vulncheck.com/advisories/owncloud-username-disclosure

https://nvd.nist.gov/vuln/detail/CVE-2019-25337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-25337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-25337

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-25337