Summary
This host has ownCloud installed and is prone to a SQL injection vulnerability.
Impact
Successful exploitation will allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to ownCloud 4.5.11, 5.0.6 or later.
For updates, refer to http://owncloud.org
Insight
The flaw is due to the 'lib/bookmarks.php' script not properly sanitizing user-supplied input before using it in SQL queries.
Affected
ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-2046
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P