Remote Code Execution via RAR Filename in Nextcloud ExtractionController

Remote Code Execution via RAR Filename in Nextcloud ExtractionController

CVE-2019-12739 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).

Learn more about our Cloud Audit.