Due to not sufficiently sanitizing the user input in “settings/personal.php” in ownCloud 4.5.x before 4.5.6 an authenticated remote attackers may be able to execute arbitrary code by entering special crafted PHP code in the mount point settings.
It is recommended that all instances are upgraded to ownCloud Server 4.5.6.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
CPE | Name | Operator | Version |
---|---|---|---|
owncloud server | lt | 4.5.6 |