Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw as a cross-site request forgery vulnerability.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
CPE | Name | Operator | Version |
---|---|---|---|
owncloud server | lt | 5.0.6 |