Summary
This host is running ownCloud and is prone to multiple XSS and SQL injection vulnerabilities.
Impact
Successful exploitation will allow a remote attacker to inject or manipulate SQL queries in the back-end database or conduct script insertion.
Impact Level: Application
Solution
Upgrade to ownCloud version 5.0.1 or later.
For updates, refer to http://owncloud.org
Insight
- Input passed via the 'new_name' POST parameter to /apps/bookmarks/ajax/renameTag.php is not properly sanitised before being used.
- Certain unspecified input passed to some files in apps/contacts/ajax/ is not properly sanitised before being used.
- Certain unspecified input passed to addressbookprovider.php is not properly sanitised before being used in a SQL query.
Affected
ownCloud Server before version 5.0.1
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Classification
- CVE: CVE-2013-1890, CVE-2013-1893
- CVSS Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)