CVE-2013-0299

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.0.12 ownCloud versions 4.5.x prior to 4.5.7

Description The issue allows remote attackers to hijack user authentication for various requests. This includes changing the timezone via the lat and lng parameters to "apps/calendar/ajax/settings/guesstimezone.php", disabling or enabling automatic timezone detection via the timezonedetection parameter to "apps/calendar/ajax/settings/timezonedetection.php", importing user accounts via the admin export parameter to "apps/admin migrate/settings.php", overwriting user files via the operation parameter to "apps/user migrate/ajax/export.php", or changing the authentication server URL.

Recommendations For ownCloud versions prior to 4.0.12, update to version 4.0.12 or later. For ownCloud versions 4.5.x prior to 4.5.7, update to version 4.5.7 or later.