Summary
This host is running ownCloud and is prone to multiple arbitrary code execution and local file disclosure vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary PHP code by uploading a '.htaccess' file and gain access to arbitrary files.
Impact Level: System/Application
Solution
Upgrade to ownCloud version 4.0.13 or 4.5.8 or later. For updates, refer to http://owncloud.org
Insight
The flaws are due to:
- Improper verification of user-uploaded files by apps/contacts/import.php and apps/contacts/ajax/uploadimport.php scripts.
- Insufficient sanitization of user-supplied input to lib/migrate.php script.
Affected
ownCloud Server before version 4.0.13 and 4.5.x before version 4.5.8
Detection
Get the installed version with the help of the detection NVT and check whether that version is vulnerable.
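The version check described under Detection, as an added example that is not part of the original advisory or the scanner's own code. It applies the ranges from the Affected section to a constructed host inventory; the function names, host names and sample version strings are assumptions.

```python
import re

# Fixed releases as stated in this advisory.
FIXED_40 = (4, 0, 13)   # everything before this is affected
FIXED_45 = (4, 5, 8)    # 4.5.x before this is affected


def parse_version(text):
    """Return (major, minor, patch) from a string such as '4.5.7' or '4.5'.

    Missing components count as 0; anything after the numeric part is ignored.
    """
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) if p else 0 for p in m.groups())


def is_affected(text):
    """True if the version falls in one of the advisory's affected ranges."""
    v = parse_version(text)
    if v < FIXED_40:                      # "before version 4.0.13"
        return True
    return (4, 5, 0) <= v < FIXED_45      # "4.5.x before version 4.5.8"


def triage(inventory):
    """Map each host to 'upgrade', 'ok', or 'unknown' (version not readable)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "upgrade" if is_affected(version) else "ok"
        except ValueError:
            # Do not treat an unreadable version as safe; flag it for review.
            result[host] = "unknown"
    return result


# Constructed inventory: host -> version string reported by the detection step.
SAMPLE_INVENTORY = {
    "cloud-a.example": "4.0.12",
    "cloud-b.example": "4.0.13",
    "cloud-c.example": "4.5.7",
    "cloud-d.example": "4.5.8",
    "cloud-e.example": "",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```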
References
Severity
Classification
- CVE: CVE-2013-1850, CVE-2013-1851
- CVSS Base Score: 6.5
- CVSS Base Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P