Description

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

Remediation

References

CVE-2013-2048

Related Vulnerabilities

WordPress Plugin InLinks SQL Injection (1.0)

WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-3715)

Oracle JRE CVE-2014-0459 Vulnerability (CVE-2014-0459)

Internet Information Services Other Vulnerability (CVE-2003-0718)

Severity

Medium

Classification

CVE-2013-2048 CWE-264

Tags

Missing Update Known Vulnerabilities