2 matches found
CVE-2013-2089
CVE-2013-2089 affects ownCloud up to version 5.0.6, where an incomplete blacklist in file upload handling allows authenticated remote users to execute arbitrary PHP code by uploading a crafted file and then requesting it directly from /data. The issue originates from insufficient validation of up...
Incomplete blacklist vulnerability - ownCloud
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...