CVE-2015-4715

NameCVE-2015-4715
DescriptionThe fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-dropboxsourcejessie1.0.0-3+deb8u1
php-dropboxsource(unstable)1.0.0-4unimportant

Notes

https://owncloud.org/security/advisory/?id=oc-sa-2015-005
Only relevant if server runs PHP below 5.6.0
Search for package or bug name: Reporting problems