Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://owncloud.org/changelog/ | secalert@redhat.com | N/A |
| http://owncloud.org/security/advisories/oc-sa-2012-004/ | secalert@redhat.com | Patch Vendor Advisory |
| http://secunia.com/advisories/51357 | secalert@redhat.com | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | secalert@redhat.com | N/A |
| https://github.com/owncloud/core/commit/4619c66 | secalert@redhat.com | Patch |
| https://github.com/owncloud/core/commit/e8a0cea | secalert@redhat.com | Patch |
| http://owncloud.org/changelog/ | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://owncloud.org/security/advisories/oc-sa-2012-004/ | af854a3a-2127-422b-91ae-364da2661108 | Patch Vendor Advisory |
| http://secunia.com/advisories/51357 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://github.com/owncloud/core/commit/4619c66 | af854a3a-2127-422b-91ae-364da2661108 | Patch |
| https://github.com/owncloud/core/commit/e8a0cea | af854a3a-2127-422b-91ae-364da2661108 | Patch |