ownCloud 4.0.6 and all versions previous to this doesn’t sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations.
NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
CPE | Name | Operator | Version |
---|---|---|---|
owncloud server | lt | 4.0.6 |