File Extension Manipulation Vulnerability in Nextcloud Server by Nextcloud
CVE-2019-15613
8HIGH
What is CVE-2019-15613?
A vulnerability in Nextcloud Server version 17.0.1 arises from a flaw in its workflow rules, which improperly base their functionality on file extensions. This misconfiguration allows attackers to exploit the system by manipulating file mimetypes, leading to potential unauthorized actions within the application. Proper validation mechanisms for file types are bypassed if the file extension does not correspond to the actual content, posing risks to data integrity and system security.
Affected Version(s)
Nextcloud Server 17.0.2