CVE-2012-5609

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.5.2

Description The issue allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. This is due to an incomplete blacklist vulnerability in lib/migrate.php.

Recommendations For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the execution of PHP code in uploaded files until a patch is applied.