PT-2012-5363 · Owncloud · Owncloud

Publicado

2012-09-05

Atualizado

2025-03-31

CVE-2012-4389

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.0.7

Description The issue allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. This is due to an incomplete blacklist vulnerability in lib/migrate.php.

Recommendations For versions prior to 4.0.7, update to version 4.0.7 or later to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2012-4389

Produtos afetados

Owncloud

PT-2012-5363 · Owncloud · Owncloud

CVE-2012-4389

Identificadores relacionados

Produtos afetados

Referências · 5