ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
BID:58109
Info
ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
| Bugtraq ID: | 58109 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-0303 CVE-2013-7344 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Apr 08 2014 12:57AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
ownCloud is prone to multiple arbitrary PHP code-execution vulnerabilities because it fails to properly validate user-supplied input.
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server.
Versions prior to ownCloud 4.5.7 and 4.0.12 are vulnerable.
ownCloud is prone to multiple arbitrary PHP code-execution vulnerabilities because it fails to properly validate user-supplied input.
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server.
Versions prior to ownCloud 4.5.7 and 4.0.12 are vulnerable.
Exploit / POC
ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
ownCloud Multiple Arbitrary PHP Code Execution Vulnerabilities
References:
References:
- ownCloud Homepage (ownCloud)