Summary
This host is installed with ownCloud and is prone to local file inclusion vulnerability.
Impact
Successful exploitation will allow remote attackers to reinstall the instance overwriting the existing configuration or execute arbitrary PHP code or disclose the contents of any file on the system.
Impact Level: System/Application
Solution
Upgrade to ownCloud version 5.0.17 or 6.0.4 or later.
For updates refer to http://owncloud.org
Insight
The flaw exists due to the Routing component not properly sanitizing user-supplied input to the 'filename' parameter in a require_once statement.
Affected
ownCloud Server 5.0.x before version 5.0.17, 6.0.x before version 6.0.4
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-4929 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities