{"id":"CVE-2019-5454","details":"SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.","modified":"2026-04-11T12:20:21.503442Z","published":"2019-07-30T21:15:11.927Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.1.0:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.1.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.1.0:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.1.0-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.2.0:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.2.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.2.0:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.2.0-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.3.0:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.3.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.3.0:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.3.0-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.0:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.0-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.0:rc3:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.0-rc3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.0:rc4:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.0-rc4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.1:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.1-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.1:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.1-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.1:rc3:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.1-rc3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.1:rc4:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.1-rc4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.2:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.2-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.2:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.2-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.2:rc3:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.2-rc3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:1.4.2:rc4:*:*:*:android:*:*","extracted_events":[{"last_affected":"1.4.2-rc4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc3:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc4:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc5:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc5"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc6:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc6"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc7:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc7"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc8:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc8"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc9:*:*:*:android:*:*","extracted_events":[{"last_affected":"2.0.0-rc9"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:3.0.0:rc1:*:*:*:android:*:*","extracted_events":[{"last_affected":"3.0.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:3.0.0:rc2:*:*:*:android:*:*","extracted_events":[{"last_affected":"3.0.0-rc2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:nextcloud:nextcloud:3.0.0:rc3:*:*:*:android:*:*","extracted_events":[{"last_affected":"3.0.0-rc3"}],"source":"CPE_FIELD"}]},"references":[{"type":"FIX","url":"https://hackerone.com/reports/291764"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/android","events":[{"introduced":"0"},{"last_affected":"6af7558a7df4919dd3a3b31c9f110b1c930468f0"},{"last_affected":"82a4315b85385c281964b3f94a4719e10c4c8e36"},{"last_affected":"ddeed6f496fcc8255e9845dcc82c021f14ce50ef"},{"last_affected":"c827ea5580ce8e244318886595149fa28aa3c0a8"},{"last_affected":"9725fcd3296352b413d6520c27ebad5eb220cb73"},{"last_affected":"5c6bb4e79222d497e55f5d28855ae79695bfbffa"},{"last_affected":"3d25bd7d7d373c114e37065ed560038274099ee0"},{"last_affected":"af33f93f8cf809e3fb79c32cf5365f40e9b756eb"},{"last_affected":"fce11e28e8b7b7e8d10b84f12353e4d30525dc71"},{"last_affected":"58b0592d440d6d13b892599d6ccc5e6f773139ad"},{"last_affected":"ab742dc719f55e1f4e8d73cda6c25b9f1c9f25d6"},{"last_affected":"c67eebbc0814e43ebc925bad28074bce0f494bc5"}],"database_specific":{"cpe":["cpe:2.3:a:nextcloud:nextcloud:1.0.0:*:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.0.1:*:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.1.0:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.2.0:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.3.0:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.3.1:*:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.4.0:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.4.1:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.4.2:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:1.4.3:*:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:2.0.0:-:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:2.0.1:*:*:*:*:android:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.0.0"},{"last_affected":"1.0.1"},{"last_affected":"1.1.0-NA"},{"last_affected":"1.2.0-NA"},{"last_affected":"1.3.0-NA"},{"last_affected":"1.3.1"},{"last_affected":"1.4.0-NA"},{"last_affected":"1.4.1-NA"},{"last_affected":"1.4.2-NA"},{"last_affected":"1.4.3"},{"last_affected":"2.0.0-NA"},{"last_affected":"2.0.1"}],"source":"CPE_FIELD"}}],"versions":["0.99","1.0.0","1.4.6-easy-setup","oc-android-1-3-13","oc-android-1-3-14","oc-android-1-3-17","oc-android-1-3-18","oc-android-1-3-19","oc-android-1-3-20","oc-android-1-4-0","oc-android-1.4.3","oc-android-1.4.4","oc-android-1.4.5","oc-android-1.4.6","oc-android-1.5.3","oc-android-1.7.0","oc-android-1.7.0_signed","oc-android-1.7.1_signed","oc-android-1.8","rc-1.1.0-01","rc-1.1.0-02","rc-1.2.0-01","rc-1.2.0-02","rc-1.3.0-01","rc-1.3.0-02","rc-1.4.0-01","rc-1.4.0-02","rc-1.4.0-03","rc-1.4.0-04","rc-1.4.1-01","rc-1.4.1-02","rc-1.4.1-03","rc-1.4.1-04","rc-1.4.2-01","rc-1.4.2-02","rc-1.4.2-04","rc-2.0.0-01","rc-2.0.0-03","rc-2.0.0-04","rc-2.0.0-05","rc-2.0.0-06","rc-2.0.0-07","rc-2.0.0-08","rc-2.0.0-09","stable-1.0.0","stable-1.0.1","stable-1.1.0","stable-1.2.0","stable-1.3.0","stable-1.3.1","stable-1.4.0","stable-1.4.1","stable-1.4.2","stable-1.4.3","stable-2.0.0","stable-2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5454.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/desktop","events":[{"introduced":"0"},{"last_affected":"18a58f73de4f566ae65e6ba20586364419696f45"},{"last_affected":"4eadaeafc9162b743b0c366c4700e3d2f363be56"}],"database_specific":{"cpe":["cpe:2.3:a:nextcloud:nextcloud:1.4.0:rc1:*:*:*:android:*:*","cpe:2.3:a:nextcloud:nextcloud:2.0.0:rc2:*:*:*:android:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.4.0-rc1"},{"last_affected":"2.0.0-rc2"}],"source":"CPE_FIELD"}}],"versions":["v0.0.2","v1.1.0","v1.1.0-beta1","v1.1.2","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.3.0-beta1","v1.3.0-beta2","v1.3.0-beta3","v1.4.0","v1.4.0-beta1","v1.4.0-beta2","v1.4.0-rc1","v1.5.0","v1.5.0-beta1","v1.5.0-beta1-2nd","v1.5.0-beta2","v1.5.0-beta3","v1.5.1-rc1","v1.6.0","v1.6.0-beta1","v1.6.0-beta2","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.8.0-beta1","v1.8.0-beta1a","v2.0.0-beta2","v2.0.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5454.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}