CVE-2019-12739

Published: 2019-06-05T14:29Z

Last Modified: 2024-11-21T04:23Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt