Description

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.

Remediation

References

CVE-2013-1963

Related Vulnerabilities

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3942)

WordPress Plugin About Author Cross-Site Scripting (1.3.9)

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21672)

WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection (2.55)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-20445)

Severity

Medium

Classification

CVE-2013-1963 CWE-264

Tags

Missing Update Known Vulnerabilities