Owncloud Core
Monthly
Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.
Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.