ownCloud 'addressbookprovider.php' SQL Injection Vulnerability
BID:58855
CVE-2013-1893
| Bugtraq ID: | 58855 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1893 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2013 12:00AM |
| Updated: | Apr 03 2013 12:00AM |
| Credit: | Alexander Bürger |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
ownCloud is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to ownCloud 5.0.1 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- ownCloud Homepage (ownCloud)