6.5

CVE-2012-5610

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OwncloudOwncloud Version <= 4.0.8
   OwncloudOwncloud Version <= 4.0.8
   OwncloudOwncloud Version <= 4.0.8
OwncloudOwncloud Server Version3.0.0
   OwncloudOwncloud Server Version3.0.0
   OwncloudOwncloud Server Version3.0.0
OwncloudOwncloud Server Version3.0.1
   OwncloudOwncloud Server Version3.0.1
   OwncloudOwncloud Server Version3.0.1
OwncloudOwncloud Server Version3.0.2
   OwncloudOwncloud Server Version3.0.2
   OwncloudOwncloud Server Version3.0.2
OwncloudOwncloud Server Version3.0.3
   OwncloudOwncloud Server Version3.0.3
   OwncloudOwncloud Server Version3.0.3
OwncloudOwncloud Server Version4.0.0
   OwncloudOwncloud Server Version4.0.0
   OwncloudOwncloud Server Version4.0.0
OwncloudOwncloud Server Version4.0.1
   OwncloudOwncloud Server Version4.0.1
   OwncloudOwncloud Server Version4.0.1
OwncloudOwncloud Server Version4.0.2
   OwncloudOwncloud Server Version4.0.2
   OwncloudOwncloud Server Version4.0.2
OwncloudOwncloud Server Version4.0.3
   OwncloudOwncloud Server Version4.0.3
   OwncloudOwncloud Server Version4.0.3
OwncloudOwncloud Server Version4.0.4
   OwncloudOwncloud Server Version4.0.4
   OwncloudOwncloud Server Version4.0.4
OwncloudOwncloud Server Version4.0.5
   OwncloudOwncloud Server Version4.0.5
   OwncloudOwncloud Server Version4.0.5
OwncloudOwncloud Server Version4.0.6
   OwncloudOwncloud Server Version4.0.6
   OwncloudOwncloud Server Version4.0.6
OwncloudOwncloud Server Version4.0.7
   OwncloudOwncloud Server Version4.0.7
   OwncloudOwncloud Server Version4.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://owncloud.org/changelog/
Patch
http://secunia.com/advisories/51357
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/30/3
http://owncloud.org/security/advisories/oc-sa-2012-005/
Patch
Vendor Advisory
https://github.com/owncloud/core/commit/3cd416b667
https://github.com/owncloud/core/commit/4b86c43
Patch
https://github.com/owncloud/core/commit/6540c0fc63
https://github.com/owncloud/core/commit/f599267
Patch