CVE-2012-5609

Sažetak

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

Reference

http://owncloud.org/changelog/
http://owncloud.org/security/advisories/oc-sa-2012-004/
http://secunia.com/advisories/51357
http://www.openwall.com/lists/oss-security/2012/11/30/3
https://github.com/owncloud/core/commit/4619c66
https://github.com/owncloud/core/commit/e8a0cea

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2012 - 05:00

Objavljeno

18-12-2012 - 01:55