Server: Code execution in /lib/migrate.php

ID OC-SA-2012-004
Type owncloud
Reporter ownCloud
Modified 2012-12-20T10:42:22


Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0