Description

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

Remediation

References

CVE-2013-2089

Related Vulnerabilities

WordPress Plugin WP Photo Album 'id' Parameter Cross-Site Scripting (1.5.1)

MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)

Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)

WordPress Plugin Product Catalog Arbitrary File Upload (3.8.6)

WordPress Plugin MP3-jPlayer Multiple Cross-Site Request Forgery Vulnerabilities (2.7.3)

Severity

Medium

Classification

CVE-2013-2089

Tags

Missing Update Known Vulnerabilities