Server: Code execution in /lib/migrate.php

2012-12-20T10:42:22
ID OC-SA-2012-004
Type owncloud
Reporter ownCloud
Modified 2012-12-20T10:42:22

Description

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file.


For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0