Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

Remediation

References

CVE-2012-5665

Related Vulnerabilities

WordPress Plugin Product Slider for WooCommerce Security Bypass (2.5.6)

WordPress Plugin Brizy-Page Builder Arbitrary File Upload (2.4.44)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4671)

WordPress Plugin Kama WP Smiles Unspecified Vulnerability (1.8.1)

WordPress Plugin Request Quote via Whatsapp for Woocommerce Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2012-5665 CWE-264

Tags

Missing Update Known Vulnerabilities