CVE-2019-5476

Summary

An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.

Affected Software

VendorProductVersion RangeStatus
n/alookup.nextcloud.combefore v0.3.0affected

Weaknesses

  • CWE-89: SQL Injection (CWE-89)

ADP Enrichment

CVE Program Container

Additional References

References