Description
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
Remediation
References
Related Vulnerabilities
Missing Authentication Check in SAP Solution Manager
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3180)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)
WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)