Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

Remediation

References

CVE-2012-5665

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2006-0105)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4718)

Rukovoditel Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11821)

MySQL CVE-2019-2482 Vulnerability (CVE-2019-2482)

WordPress Plugin AllWebMenus WordPress Menu 'actions.php' Arbitrary File Upload (1.1.8)

Severity

Medium

Classification

CVE-2012-5665 CWE-264

Tags

Missing Update Known Vulnerabilities