6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
owncloud.org/about/security/advisories/CVE-2012-5336/