Reporter Lukas Reschke – ownCloud Inc. (email@example.com) – Vulnerability discovery and disclosure.
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to import arbitrary files on the server inside his user account.
- ownCloud Server < 4.5.8 (CVE-2013-1851)
- ownCloud Server < 4.0.13 (CVE-2013-1851)
It is recommended that all instances are upgraded to ownCloud Server 4.5.9 or 4.0.13.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. (firstname.lastname@example.org) - Vulnerability discovery and disclosure.