Description
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.1)
SharePoint Heap-based Buffer Overflow Vulnerability (CVE-2026-44819)
WordPress Plugin WP No External Links Spam Injection (4.2.2)
WordPress 4.1.x Arbitrary File Deletion Vulnerability (4.1 - 4.1.23)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34001)