3 matches found
CVE-2013-1893
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application...
CVE-2013-1893
CVE-2013-1893 : In ownCloud Server before 5.0.1, the addressbookprovider.php handling within the Contacts app is vulnerable to SQL injection. The root cause is failure to neutralize special elements passed to the SQL query, allowing remote authenticated users to execute arbitrary SQL commands via...
contacts: SQL Injection - ownCloud
ownCloud before 5.0.1 does not neutralize special elements that are passed to the SQL query in addressbookprovider.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. Affected Software ownCloud Server 5.0.1 CVE-2013-1893 Action Taken It is recommended that all...