Server: Multiple code executions

2013-02-20T10:42:22
ID OC-SA-2013-006
Type owncloud
Reporter ownCloud
Modified 2013-02-20T10:42:22

Description

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via

  • unspecified POST parameters to translations.php in /core/ajax/
    • Commits: 74e73bc (stable4), ece08cd (stable45)
    • Risk: Critical

A code executions vulnerability in ownCloud 4.5.6 and all prior versions (except ownCloud 4.0.x) allow authenticated remote attackers to execute arbitrary PHP code via

  • unspecified POST parameters to settings.php in /core/
    • Commits: 746aa0 (stable45)
    • Risk: Critical

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0