CVE-2014-2054

Published: Jun 4, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Affected (19)

Products: Owncloud: Owncloud Server · Phpexcel Project: Phpexcel

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud Server	Version 6.0.0
Owncloud Owncloud Server	Version 6.0.1

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud Server	Up to 5.0.14
Owncloud Owncloud Server	Version 5.0.0
Owncloud Owncloud Server	Version 5.0.10
Owncloud Owncloud Server	Version 5.0.11
Owncloud Owncloud Server	Version 5.0.12
Owncloud Owncloud Server	Version 5.0.13
Owncloud Owncloud Server	Version 5.0.14
Owncloud Owncloud Server	Version 5.0.1
Owncloud Owncloud Server	Version 5.0.2
Owncloud Owncloud Server	Version 5.0.3
Owncloud Owncloud Server	Version 5.0.4
Owncloud Owncloud Server	Version 5.0.5
Owncloud Owncloud Server	Version 5.0.6
Owncloud Owncloud Server	Version 5.0.7
Owncloud Owncloud Server	Version 5.0.8
Owncloud Owncloud Server	Version 5.0.9
Phpexcel Project Phpexcel	Up to 1.7.9

References (4)

http://owncloud.org/about/security/advisories/oC-SA-2014-006/

Source: cve@mitre.org

Vendor Advisory

https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt

Source: cve@mitre.org

http://owncloud.org/about/security/advisories/oC-SA-2014-006/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.