Description
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
Remediation
References
Related Vulnerabilities
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)
WordPress Plugin iThemes Security (formerly Better WP Security) SQL Injection (7.0.2)
WordPress Plugin Newsletter Manager PHP Object Injection (1.5.1)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-1280)