Description

lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.

Remediation

References

CVE-2012-5336

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5651)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177)

Severity

Medium

Classification

CVE-2012-5336 CWE-20

Tags

Missing Update Known Vulnerabilities