CVE-2013-2089

Severity

46%

Complexity

39%

Confidentiality

106%

Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-03-14 16:55:00

Last updated 10 years ago

2014-03-17 15:36:00

Affected Software

ownCloud 5.0.0

5.0.0

ownCloud 5.0.1

5.0.1

ownCloud 5.0.2

5.0.2

ownCloud 5.0.3

5.0.3

ownCloud 5.0.4

5.0.4

ownCloud

References

http://owncloud.org/about/security/advisories/oC-SA-2013-026/

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.