Lucene search
OwnCloudOC-SA-2012-016HistoryJul 01, 2012 - 11:42 a.m.
Server: Auth bypass in index.php
2012-07-0111:42:22
owncloud.org
22
0.004 Low
EPSS
Percentile
72.3%
ownCloud 4.0.6 and all versions previous to this doesn’t sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations.
NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.0.6 |
Related
owncloud
owncloud
Auth bypass in index.php - ownCloud
2012-07-01 17:18:39
Several CSRF security fixes - ownCloud
2012-07-01 17:19:52
Server: Several CSRF security fixes
2012-07-01 11:42:22
openvas
openvas
ownCloud < 4.0.6 Multiple Vulnerabilities (oC-SA-2012-016, oC-SA-2012-017)
2021-09-21 00:00:00
cvelist
cvelist
CVE-2012-4752
2022-10-03 16:15:34
CVE-2012-4393
2022-10-03 16:15:32
ubuntucve
ubuntucve
CVE-2012-4752
2012-09-05 00:00:00
CVE-2012-4393
2012-09-05 00:00:00
nvd
nvd
CVE-2012-4752
2012-09-05 23:55:03
CVE-2012-4393
2012-09-05 23:55:02
cve
cve
CVE-2012-4752
2022-10-03 16:15:34
CVE-2012-4393
2022-10-03 16:15:32
prion
prion
Code injection
2012-09-05 23:55:00
Cross site request forgery (csrf)
2012-09-05 23:55:00