Description

lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.

Remediation

References

CVE-2012-5336

Related Vulnerabilities

WordPress Plugin Church Admin Arbitrary File Upload (1.2530)

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

WordPress Plugin Ad Manager by WD-Advanced Ad Manager Multiple Vulnerabilities (1.0.11)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3742)

jszip Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-48285)

Severity

Medium

Classification

CVE-2012-5336 CWE-20

Tags

Missing Update Known Vulnerabilities